SMBs – upgrade to Microsoft 365 E5 Security for $12

Microsoft quietly announced yesterday that Microsoft 365 Business Premium customers (this is an SMB license for customers with fewer than 300 seats) can now add Microsoft 365 E5 Security as a bolt-on for just $12 pupm (per user per month).

This represents a saving of 57%.

Why would I want Microsoft E5 Security Add-on

This upgrade includes a heap of Enterprise E5 features previously only available to Microsoft Enterprise Customers on Microsoft 365 E3. It includes:

  • Microsoft Entra P2 (Identity protection, Risk Based Conditional Access, Secure Access etc)
  • Defender for Office Plan 2
  • Defender for Identity
  • Defender for Endpoints (Plan 2) with XDR
  • Defender for AI & Cloud Apps and
  • more.

This offers huge value for SMBs, bringing their security protection in line with what has previously only been included within Microsoft 365 E5, but at a fraction of the cost. The enhanced protection features in Entra P2 and Defender P2 will be highly valuable for businesses looking to strengthen their security posture with best-in-class solutions, whilst reducing their reliance on multiple technologies and vendors through integrated management across the rest of their Microsoft 365 Security Portal.

How do I get the Microsoft 365 Security Add-on

Simple – if you are a web-direct customer, you can add it on via the Microsoft 365 Admin Centre. If you buy from a partner (Cloud Solution Provider) via NCE, speak to them for pricing, or speak to us at https://www.cisilion.com.

You can read the full details here: https://techcommunity.microsoft.com/blog/microsoft365businessblog/microsoft-365-e5-security-is-now-available-as-an-add-on-to-microsoft-365-busines/4388436?wt.mc_id=MVP_309187

Is there a Compliance E5 Add-on?

Not yet, though I have seen lots of questions about this, so I’d guess this might be next!

Comparative Analysis of Microsoft Defender for Cloud and AI and Cisco AI Defense

Introduction

The integration of artificial intelligence (AI) into enterprise environments has introduced new security concerns. As adoption of AI continues at a “cautious” pace, organisations must ensure the safety of the hundreds of AI apps that employees use (or try to use), sanctioned or unsanctioned, as well as any AI applications built or customised by the organisation. This affects data governance, exposure and leakage as well as compliance.

Last week, Cisco announced the upcoming availability of their new AI Defense service. Whilst other providers claim similar protections, Cisco AI Defense is different. This blog aims to provide a comparison between this new service from Cisco and Microsoft’s Defender for Cloud and AI product.

I have aimed to not only compare their key features, similarities, and differences, but also to look at how both offerings can indeed help organisations based on specific business scenarios and needs.

Cisco AI Defense

Overview

Due to be released in March 2025, Cisco’s new AI Defense works slightly differently to Microsoft’s offering and is focused on securing AI applications throughout their entire lifecycle. AI Defense integrates with Cisco’s extensive network infrastructure portfolio providing specialised AI security measures.

“Business and technology leaders can't afford to sacrifice safety for speed when embracing AI. In a dynamic landscape where competition is fierce, speed decides the winners. Fused into the fabric of the network, Cisco AI Defense combines the unique ability to detect and protect against threats when developing and accessing AI applications without tradeoffs.” – Jeetu Patel | Exec VP | Cisco.

Whilst it is not released yet, I have based this on the product release information I have read.

Cisco AI Defense focuses on two primary areas of protection.

  1. Accessing AI Applications: Recognising that third-party AI applications can significantly boost productivity but may pose risks such as data leakage or malicious downloads, Cisco AI Defense is designed to give IT and SecOps full visibility into app usage and can enforce policies to ensure safe, secure access.
  2. Building and Running AI Applications: Cisco acknowledge that developers require the freedom to innovate without worrying about vulnerabilities or safety issues in their AI models. AI Defense discovers your AI footprint, validates models to identify vulnerabilities, and applies guardrails to enforce security measures in real time across both public and private clouds.

Key Features

  • End-to-End Protection: Protects both the development and use of AI applications, ensuring safety and security throughout the AI lifecycle.
  • Network-Level Visibility: Leverages Cisco’s unmatched network visibility and control to detect and protect against threats.
  • AI Model and Application Validation: Identifies potential safety and security risks with automated vulnerability assessments.
  • Real-Time Protection: Offers robust real-time protection against adversarial attacks, including prompt injections, denial of service, and data leakage.
  • AI Cloud Visibility: Automatically inventories AI models and connected data sources across distributed environments.

Microsoft Defender for Cloud and AI

Overview

Microsoft Defender for Cloud and AI is designed to offer comprehensive security for AI applications and cloud services. Being a Microsoft product, it integrates seamlessly with Microsoft 365 and their wider cloud ecosystem, providing robust threat protection and security posture management. It also supports multi-cloud environments making it suitable for enterprise organisations.

Microsoft Defender for Cloud and AI’s primary protection areas are based upon:

  1. Threat Protection and Security Posture Management: Microsoft Defender for Cloud and AI provides real-time threat protection for AI workloads and visibility into AI components, identifying vulnerabilities and offering built-in recommendations to strengthen security.
  2. Integration and Continuous Monitoring: It integrates with Defender XDR for centralised alerts and continuous monitoring, ensuring security measures are enforced across hybrid and multicloud environments.

Key Features

  • AI Threat Protection: Real-time identification and mitigation of threats to generative AI applications, including data leakage, data poisoning, jailbreak and credential theft.
  • AI Security Posture Management: Continuous monitoring and management of the security posture of AI applications, with automated vulnerability discovery and remediation recommendations.
  • Cloud App Security: Protection for SaaS applications, offering visibility into cloud app usage and protection against threats.
  • Prompt Evidence: Includes suspicious segments from user prompts and model responses in security alerts.
  • Extended Detection and Response (XDR): Integration with Defender XDR to centralise AI/workload alerts and correlate incidents for efficient incident management.
  • Integration with Microsoft Ecosystem: Seamlessly integrates with Azure, Microsoft 365, and other Microsoft security solutions and workloads.

Comparative Analysis

In short, both Microsoft and Cisco are providing products which complement their wider security portfolios to help customers better protect their organisations in the rapidly evolving world and adoption of AI technologies.

Similarities

  • AI Security: Both solutions focus on helping organisations secure AI applications and provide end-to-end visibility into their AI workloads.
  • Real-Time Threat Detection: Each offers real-time threat detection and protection, ensuring prompt identification and mitigation of security threats.
  • Integration with respective Ecosystems: Both solutions integrate with their respective broader security ecosystems (Cisco for Cisco products, Microsoft for Microsoft products).

Differences

Whilst both focus on security across the customer’s domain, with an emphasis on understanding, protecting against and keeping control of AI-based applications, there are some clear, and some subtle, differences that are unique to each.

Scopes of Use

Cisco AI Defense specialises more in securing AI applications throughout their lifecycle, including home-grown developed services, whereas Microsoft Defender for Cloud and AI is more focused on providing comprehensive security for both AI applications and SaaS applications.

Platform Integration

Cisco AI Defense provides deep integration with Cisco’s network infrastructure and other Cisco security products. Microsoft Defender for Cloud and AI has seamless integration with Microsoft’s wider ecosystem, including Azure, Microsoft 365, Dynamics and Power Apps, as well as being part of the wider Microsoft security solutions.

Capabilities

Cisco AI Defense places a key emphasis on AI-specific security measures that include automated vulnerability assessments and real-time protection against adversarial attacks.

Whilst similar in approach, Microsoft Defender for Cloud and AI offers broader security features, including threat protection for both AI and cloud services, and integrates with Microsoft’s XDR for centralised incident management.

When to choose which?

When to choose Cisco AI Defense

  • Best For: Organisations with a significant focus on AI development and deployment, particularly those heavily invested in Cisco’s network infrastructure.
  • Primary Benefits: AI model validation, runtime protection, and extensive integration with Cisco’s network and security products.

When to Choose Microsoft Defender for Cloud and AI

  • Best For: Organisations utilising a mix of AI and SaaS applications, especially those heavily invested in the Microsoft ecosystem (Azure, Microsoft 365, etc.).
  • Primary Benefits: Comprehensive threat protection, tight integration with Microsoft 365, Azure, Dynamics 365 and existing Microsoft security solutions.

Case Scenario: Fictitious Enterprise Organisation

Customer Profile: “A large enterprise organisation with a complex infrastructure, several hundred applications (mainly SaaS) as well as in-house and hosted custom applications running in Public Cloud (Azure), mix of productivity tools (Microsoft 365), AI-powered assistants (Microsoft Copilot and Chat GPT), multi-campus network environment (Cisco Meraki), Cloud Voice (Microsoft Teams), Space Management Tools (Cisco Spaces) and network performance monitoring (Cisco ThousandEyes).

Organisation has and uses Microsoft 365 E5. They have a contact centre based on Cisco Webex and use Microsoft Teams Meeting Rooms with Cisco endpoints. User devices are a mix of Lenovo and Surface. They also use Cisco Duo. They have a Cisco EA.

They are in the middle of a Microsoft 365 Copilot pilot with around 20% of their organisation but are aware that some other departments may have other shadow AI tools. They are also looking at building their own apps that will use a multitude of AI agents and connectors.”

Cisco AI Defense vs Microsoft Defender for Cloud and AI

Given the complex infrastructure and diverse applications of this large enterprise organisation, the differences, strengths and similarities of each really stand out. Appreciating that this is a “made up” organisation, you can see where and why each product has its strengths and merits.

Microsoft Defender for Cloud and AI

Given the extensive use of Microsoft services and the presence of Microsoft 365 E5, Microsoft Defender for Cloud and AI is highly recommended. It offers comprehensive security coverage for both AI applications and SaaS applications, integrating seamlessly with the existing Microsoft ecosystem. The core services are also included within the Microsoft 365 E5 subscription.

Key Benefits:

  • Broad Threat Protection: Covers both AI applications and cloud services, ensuring robust security across the organization.
  • Integration with Microsoft Ecosystem: Seamless integration with Azure, Microsoft 365, and the organisations other Microsoft applications and security solutions.
  • Centralised Management: Facilitates centralised management and monitoring, improving operational efficiency.

Cisco AI Defense

Considering the organisation’s significant investment in Cisco networking solutions and the presence of Cisco Meraki, Cisco Spaces, and Cisco ThousandEyes, Cisco AI Defense is also recommended. It provides specialised AI security measures and integrates well with Cisco’s network infrastructure.

Key Benefits:

  • AI-Specific Security: Focuses on securing AI applications throughout their lifecycle, providing tailored protection.
  • Deep Integration with Cisco Infrastructure: Enhances overall network security by integrating with Cisco’s network and security products.
  • Real-Time Protection: Offers robust real-time protection against adversarial attacks, ensuring continuous integrity of AI operations.

Combined Approach

Given the organisation’s diverse IT infrastructure and the need for comprehensive security, a combined approach using both Microsoft Defender for Cloud and AI and Cisco AI Defense is advisable. This dual solution ensures that all aspects of the IT infrastructure are covered, from AI applications to cloud services and networking.

By leveraging both solutions, the organization can achieve a robust, integrated security framework that covers all their IT needs, ensuring comprehensive protection and efficient management.

Budget and Management Considerations

  • Budget: While using both solutions might seem costly, the investment is likely justified by the enhanced security and centralised management capabilities.
  • Management: Both solutions offer centralised management, making it easier to oversee and control security measures. The tools are managed across the respective product suites which are already in use within the organisation, minimising additional admin/sec ops overhead.

Conclusion

Cisco AI Defense and Microsoft Defender for Cloud and AI are both robust solutions tailored to different security needs and infrastructures. Understanding their strengths and integration capabilities allows organisations to make informed decisions, achieving comprehensive and integrated security frameworks.


Cisco AI Defense is new and will be available in March 2025, so please do let me know if I’ve missed anything obvious…

Streamlining Copilot Adoption: Reducing Data Oversharing in Microsoft 365

One of the concerns I often talk to organisations about is the fear that Copilot might surface sensitive information that it should not have access to, because IT/Compliance teams do not really know who has access to what. The phrase “security through obscurity” is often what we hear being used.

The primary cause of this is the over-permissioning and sharing of files, which is a growing concern for organisations and one of the “blockers” often cited in Copilot Adoption.

The over-sharing problem

The ability to reason over employee data and shared organisational data is one of Microsoft 365 Copilot’s strengths over other Gen AI tools (which need feeding). The responses Copilot gives and the content it creates rely on access to data that the user already has access to across their organisation’s Microsoft 365 environment. And here often lies the problem. If an organisation has low levels of data governance and no data classification and labelling, combined with high levels of over-sharing, this can create real concerns for IT and Data Compliance teams.

One of the reasons that Copilot often has access to data that it “perhaps” shouldn’t have is not a security flaw or issue in Copilot or Microsoft 365, but that files or sites have been shared too widely and have no (or the wrong) privacy and sensitivity settings. Addressing this is no small task since many organisations will have millions of files and tens of thousands of SharePoint and Teams sites.

Organisations, and even teams within organisations, often operate at various levels of maturity in governing SharePoint data. While some organisations strictly monitor permissions and oversharing of content, others do not. The situation is further complicated because many people, teams and organisations have “legitimate” reasons to share “some” data widely within the organisation. This can mean users in your organisation make choices that result in the oversharing of SharePoint content. For example:

  • Users may save critical files in locations accessible to a wider audience than intended.
  • Users may prefer sharing content with large groups rather than specific individuals.
  • Users might not pay close attention to permissions when uploading files.
  • Users may not understand how to use sensitivity labelling (if enabled) to control access.

Services such as Microsoft SharePoint and Microsoft Copilot for Microsoft 365 utilise all data to which individual users have at least View permissions, which might include broadly shared files that the user is unaware of. As a result, users might see these applications as exposing content that was overshared. Oversharing can lead to sensitive information being exposed to unintended recipients. Users, while well intentioned, might not always grasp the implications of their sharing choices. They might overlook permissions or opt for convenience over security.

As a result, it’s important to use the permission models in SharePoint to ensure the right users or groups have the right access to the right content within your organisation. The following sections describe the key steps that administrators can implement to configure their SharePoint permissions model to help prevent data oversharing.

Dealing with Oversharing

The good news is that Microsoft is adding new features to SharePoint and Purview to make it easier to see, understand and control over sharing across Microsoft 365 with a hope to help adoption efforts and wider roll out of Microsoft 365 Copilot. This includes new Data Security Posture Management (DSPM) and enhancements for Data Loss Prevention policies in Microsoft 365 Copilot, and SharePoint Advanced Management. These can help automate site access reviews at scale and add controls to restrict access to sites if they contain highly sensitive information.

Microsoft have also released a blueprint guide for organisations planning to or deploying Copilot. These are nicely tailored to adjust to those with mainly Microsoft 365 E3 and E5 licenses respectively.

These new tools, IMO, are going to be vital to help organisations understand and address oversharing so they feel more confident in their employees adopting AI tools like Microsoft 365 Copilot.

AI is really good at finding information, and it can surface more information than you would have expected. This is why it’s really important to address oversharing. Typically, these issues are a by-product of good collaboration, particularly across Teams, SharePoint sites and OneDrive.

Alex Pozin | Director of Product Marketing | Microsoft

From early 2025, Microsoft will make access to SharePoint Advanced Management (SAM) available at no extra cost to Microsoft 365 Copilot subscriptions. Outside of this, SharePoint Premium (which includes SAM) will be available at a cost of around $3 per user each month.

New Capabilities in SharePoint Advanced Management

There are also new features for SAM that Microsoft says will provide greater control over access to SharePoint files. 

  • New permission state reports (available now) can identify “overshared” SharePoint sites. The site access review feature can then provide an easy way to ask site owners to review and address permissions.
  • Restricted Content Discovery – which should start to roll out this month in public preview (December 2024), will allow IT admins to prevent Copilot from searching and processing data in specific sites for content and result generation. This does not prevent direct access to the site meaning that users can access the content directly as normal. This feature builds on the SharePoint Restricted Access Control, which was released last year, and lets IT admins restrict site access to specific sites to just “site owners” only, while also preventing Copilot from indexing and summarising files in these sites.

One of the use cases for this is where there are data locations containing information that needs to be contained to a set of people, such as financial reports, M&A planning and other secret material. IT need to be confident that these locations and files will not show up in SharePoint searches and will be well out of the reach of Copilot or other AI tools, essentially making sure that nobody can accidentally or unintentionally be aware of, see or access the content. This is where Restricted Content Discovery comes in, locking down and hiding this information from plain sight and from Copilot’s retrieval augmentation and indexing.

New Capabilities in Microsoft Purview

Microsoft are also adding new capabilities in Purview too. Purview is available as standalone or is part of Microsoft 365 E5.


Microsoft Purview is a centralised hub within Microsoft 365 that helps organisations meet regulatory and compliance requirements. It helps organisations manage their compliance obligations, protect sensitive data, and mitigate risks within their Microsoft 365 environment. 

Here, there are new tools to help identify “overshared files” that can be accessed by Copilot. These include oversharing assessments for Microsoft 365 Copilot in the Data Security Posture Management (DSPM) tool, which is now in public preview (from December 2024) and can be accessed via the newly revamped Purview portal.

DSPM Portal in Microsoft Purview

The oversharing assessments are designed to highlight data that may present exposure risk by scanning files for sensitive data and identifying data repositories such as SharePoint and Teams sites where access permissions appear to be too wide and broad. The tool will also provide recommendations to admins and site owners for ways to mitigate oversharing risk, such as adding sensitivity labels or restricting access from SharePoint.

For example, DSPM can detect and help you deal with controlling ethical behaviour in AI (example from a demo environment below). For every recommendation, Microsoft provides a simple step-by-step “wizard” to help IT and Compliance teams add policies.


Microsoft Purview Data Loss Prevention for Microsoft 365 Copilot, also in public preview, enables IT and security admins to create data loss prevention (DLP) policies to exclude certain documents from being processed by Copilot based on the file’s or site’s sensitivity label. This applies to files held in SharePoint and OneDrive, but can be configured at other levels, such as group, site and user, to provide more flexibility around who can access what.

Insider Risk Management has also been updated to detect “risky AI usage.” This even includes user prompts that contain sensitive information and attempts by users to access unauthorised sensitive information. What’s key to note here is that this feature is not limited to Microsoft 365 Copilot and also covers Copilot Studio and ChatGPT Enterprise.

Oversharing Blue Prints

I really like this. Microsoft’s new blueprint resource pages on Microsoft Learn provide recommended approaches and guidance for organisations to help them understand, mitigate and manage oversharing during what they define as the three main stages of Microsoft 365 Copilot deployment.

  • Pilot [Pilot]
  • Wider Deployment [Deploy at Scale]
  • Organisational Rollout [Operate]

Microsoft provide two blueprint designs. A “foundational path” and what they call an “optimised path” that uses some of the more Microsoft 365 advanced data security and governance tools found in Microsoft 365 E5 subscriptions.

Is there funding available to help?

It depends – but most likely!

Microsoft have a Cyber Security Investment Program open to select/specialist partners like Cisilion. These provide funded workshops, assessments and proof of value deployments across key Security workloads including Microsoft Purview as well as structured Copilot pilot deployments, vision and value

Organisations should speak to their Microsoft Solutions Partner for more information. You can contact Cisilion here should you need to.

Conclusion

In many of the discussions I and my team at Cisilion have with customers, we see that almost all of the organisations we work with still have concerns over data governance in the realm of AI access. Of these, most expect Microsoft to help them address these, whilst some have already invested in third-party tools to help them get a “grip” on their data and sharing.

We have seen a plethora of customers invest/upgrade to high-tier Microsoft 365 plans (including E5 Security and Compliance) or full Microsoft 365 E5 in order to gain access to Microsoft Purview. Some argue these tools should be provided as part of their Copilot investment, so it is great to see Microsoft meeting customers in the middle and at least providing some of these tools as part of this license investment.

The issue is not Copilot per se, but that Copilot, with its ability to access company data, is causing more organisations to double down and look at the existing issues they have: too many SharePoint sites, too much over-sharing, orphaned data (data with no owner), and inadequate data classification and labelling.

By addressing security and data governance and leveraging the new tools available, this should at least solve one of the blockers to AI adoption.

The second is Adoption and Change Management – more on that in the next blog post!



Enhanced Data Protection and Governance coming to SharePoint and Purview to remove AI adoption blockers.

This week at Microsoft Ignite 2024, Microsoft unveiled new features and controls for SharePoint and Purview, aimed at empowering IT teams and ensuring robust data protection and governance. These enhancements are part of Microsoft’s ongoing commitment to providing intelligent solutions that respect an organisation’s controls while driving productivity and efficiency. Oversharing of data is one of the most common causes of rogue data and poor data governance, and one of the biggest blockers to wider AI adoption.

Microsoft offers two powerful tools to address this concern of oversharing: SharePoint Advanced Management for site management and content governance capabilities, and Microsoft Purview for security, compliance, and governance across data and files. Both have new capabilities and availability following announcements at Ignite in Chicago.

Advanced Management for SharePoint for Copilot.

To give IT teams even more control, Microsoft have said that SharePoint Advanced Management will be included at no additional charge for Copilot customers. There are also new and updated features coming.

  • Restricted Content Discovery (RCD) helps identify and manage content that is restricted or sensitive, ensuring that such content is not overshared within the organisation. This works by allowing SharePoint Administrators to restrict specific SharePoint sites from participating in organisation-wide search and Microsoft 365 Chat. Once configured, all content from the site will be hidden from tenant-wide search and Microsoft 365 Chat by default for all users in the tenant, even if a user has site access permissions. While child content will be hidden by default, users will still be able to search for content they have recently interacted with. This includes recently accessed and modified files, even if RCD is applied to the parent site. Searches originating from a site context will not be impacted. This will be available in Public Preview in December 2024 and Generally Available from March 2025.
  • Restricted Access Control (RAC) allows administrators to control and restrict access to specific sites or content within SharePoint, to help prevent unauthorised access and oversharing of sensitive information. New AI content governance controls and insights will be available in early 2025.
  • Deployment Blueprint is a new feature that will offer a structured approach to deploying Microsoft 365 Copilot while addressing the risks of information oversharing. It will include best practices, guidelines, and tools to ensure that sensitive information is protected during the deployment process.
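To show how the RCD and RAC controls described here (and in the earlier SharePoint Advanced Management section) are applied in practice, the following is an added PowerShell example written for this page; it is not code from the blog, from Cisilion or from Microsoft. It uses the SharePoint Online Management Shell and assumes you hold the SharePoint Administrator role. The admin URL, site URL and group object ID are placeholders, and the `-RestrictContentOrgWideSearch`, `-RestrictedAccessControl` and `-RestrictedAccessControlGroups` parameters on `Set-SPOSite`, together with `-EnableRestrictedAccessControl` on `Set-SPOTenant`, are assumed to be present in your installed module version (they shipped alongside the preview features described above).

```powershell
# Added example, not from the blog: apply Restricted Content Discovery (RCD) and
# Restricted Access Control (RAC) to one sensitive SharePoint site.
# Requires the Microsoft.Online.SharePoint.PowerShell module and the
# SharePoint Administrator role. All URLs and IDs below are placeholders.

Import-Module Microsoft.Online.SharePoint.PowerShell

$adminUrl = "https://contoso-admin.sharepoint.com"                    # placeholder
$siteUrl  = "https://contoso.sharepoint.com/sites/MandA-Planning"     # placeholder
$groupId  = "00000000-0000-0000-0000-000000000000"                    # placeholder Entra security group object ID

Connect-SPOService -Url $adminUrl

# 1. Capture the current state first so the change is reviewable and reversible.
$before = Get-SPOSite -Identity $siteUrl |
    Select-Object Url, RestrictContentOrgWideSearch, RestrictedAccessControl
Write-Host "Before:"; $before | Format-List

# 2. RCD: hide the site's content from tenant-wide search and Microsoft 365 Copilot.
#    This limits discovery only; users who already hold permissions can still open
#    the site directly, and recently interacted-with files remain searchable for them.
Set-SPOSite -Identity $siteUrl -RestrictContentOrgWideSearch $true

# 3. RAC: limit who can open the site at all to members of a named security group.
#    The tenant-level switch (assumed parameter) must be enabled before the
#    per-site setting takes effect.
Set-SPOTenant -EnableRestrictedAccessControl $true
Set-SPOSite -Identity $siteUrl -RestrictedAccessControl $true
Set-SPOSite -Identity $siteUrl -RestrictedAccessControlGroups $groupId

# 4. Verify the result and keep the output for the change record.
$after = Get-SPOSite -Identity $siteUrl |
    Select-Object Url, RestrictContentOrgWideSearch, RestrictedAccessControl
Write-Host "After:"; $after | Format-List

if (-not $after.RestrictContentOrgWideSearch) {
    Write-Warning "RCD was not applied to $siteUrl; check the module version and your role."
}
```

Apply RCD first on its own where the goal is only to keep content out of Copilot and tenant search, and add RAC only for sites where direct access should also be limited to a defined group; the "before" and "after" output gives you the audit trail that the site access review process expects.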

SharePoint Advanced Management will be Generally available in Q1 2025 and will allow IT to better govern access and usage of Copilot and agents, including controls over which users can use Copilot and agents, along with visibility into agent status and life cycle.

SharePoint Advanced Management will be included as standard for organisations with Microsoft 365 Copilot licenses.

Purview

  • Data Loss Prevention – To provide addition protection, Microsoft Purview Data Loss Prevention (DLP) will soon be extended to support Microsoft 365 Copilot. DLP policies will be able to identify sensitive documents based on sensitivity labels and exclude processing for Copilot interactions in Microsoft 365 Copilot Business Chat. In preview from December.
  • Data Security Posture Management (DSPM) provides insights into the security posture of data within the organisation. It helps in identifying potential risks and vulnerabilities related to data oversharing and provides recommendations to mitigate these risks.
  • Risky AI Usage Detection is a new feature which can detect and alert admins about potentially risky usage of AI within the organization. It helps in preventing data leakage and unauthorised access by monitoring AI activities. This is now in public preview.
  • GenAI Risk Detections is another feature which focuses on detecting risks associated with the use of generative AI. It ensures that AI-generated content does not lead to oversharing of sensitive information or unauthorised access.

Measurement and Reporting with Copilot Analytics

To help IT and business leaders track adoption patterns and return on investment from the use of Copilot and agents, Microsoft is introducing Copilot Analytics.

This new feature includes out-of-the-box experiences to measure Copilot adoption and business impact, customisable reporting for deeper analysis.

Microsoft Viva Insights will be included in Copilot at no additional charge as part of this new Copilot Analytics suite.

How Microsoft partners can help

Cisilion, as your Copilot Jumpstart partner, will be incorporating these new features and controls into our guidance and briefing and expect Microsoft will rapidly be updating their official documentation and guidance.

The Copilot Pilot programme entwines technical readiness with business guidance and comprehensive adoption and change management, to ensure that your organisation receives the most up-to-date and comprehensive support in leveraging these advancements for optimal data protection and governance, whilst putting these into practice for a smooth and measurable pilot.

Conclusion

These new controls and features are designed to provide IT teams with the tools they need to govern access, usage, and reporting while ensuring data protection and governance. Microsoft is committed to helping organisations leverage the power of AI to drive productivity, efficiency, and security.

You can read the official Microsoft Blogs here.

Windows Hello is getting a much welcomed face-lift

Microsoft is taking a significant step forward in enhancing the Windows Hello experience on Windows 11. This overhaul, now in beta testing for Windows Insiders, will bring a more intuitive and visually appealing interface for facial recognition, fingerprint recognition and passkeys.

New Windows Hello experience on Windows 11

Cleaner, More Intuitive UI

The revamped Windows Hello UI is designed to streamline the authentication process. Users will notice new iconography and visual changes that make switching between authentication options more intuitive. Whether you’re logging into your device or using passkeys for websites and apps, the experience is now more seamless and user-friendly.

Enhanced Passkey Integration

One of the standout features of this update is the improved passkey integration.

New passkey process in testing on Windows 11

Previously, using passkeys from a mobile device involved scanning QR codes and navigating an outdated UI. The new system simplifies this process, allowing for quicker and more secure authentication. Microsoft has also introduced a new API for third-party password and passkey managers, enabling developers to integrate directly with the Windows Hello experience.

Future-Proofing Authentication

This update is not just about aesthetics; it’s about future-proofing authentication on Windows 11.

By supporting passkeys from mobile devices and enabling synchronisation with third-party apps, Microsoft is ensuring that users have a secure and efficient way to manage their credentials, while also allowing them to be seamlessly and securely added to your Microsoft Account.

We redesigned Windows security credential user experiences for passkey creating a cleaner experience that supports secured and quick authentication. Users will now be able to switch between authentication options and select passkey / devices more intuitively.

Microsoft Windows Team

The Microsoft Windows team talk more about this in their recent Windows Insider Blog.

Availability and Rollout

The new experience is currently available to Windows Insiders in the Beta channel, and will hopefully reach testers on the other Insider channels soon. This new Windows Hello experience is expected to roll out to all Windows 11 users in the coming months.

Are you looking forward to seeing new Windows Hello UI?

The Cost of Not Migrating to Windows 11

As Microsoft prepares to end support for Windows 10 on October 14, 2025, users have a critical decision to make. They must either migrate to Windows 11 or pay for extended security updates (ESU). Microsoft will offer distinct options for consumer (home) customers. They will also offer options for commercial customers who want or need to continue using Windows 10 after this date.

Consumer Pricing for ESU

We know that commercial enterprises were going to have the “cost” option of paying for extended updates while they “complete” their migration / move to Windows 11, but for the first time in history, Microsoft have also announced that consumers will also have the option to purchase a single year of Extended Security Updates (ESU) for a one-off $30 (£25) cost.

Commercial Pricing for ESU

Pricing for commercial customers will be based on tiered pricing options, set out as follows:

  • $61 per device per year for the first year
  • $122 per device for the second year, and
  • $244 per device for the third year.

Organisations needing or wishing to pay for ESU for their devices for 3 years will therefore incur costs of $427 per device.

Extended Security Updates: A Temporary Solution

Microsoft’s ESU program will provide a lifeline in helping any organisation or consumer unable or unwilling to upgrade to Windows 11 before October 14th, 2025, (when Windows 10 enters end of support).

Bear in mind though that these ESU updates are just security and zero-day updates. There will be no new features, bug fixes, or technical support included.

These are, of course, optional, but there are huge risks for continuing to use Windows 10 devices without protection from security exploits or newly discovered vulnerabilities.

This is especially true for commercial organisations, which would be left without protection from security and vulnerability updates.

The Risks of Running an Unsupported OS

Running an operating system without security updates poses significant risks, both for consumers and businesses including:

  • Increased Vulnerability to Cyber Attacks: Without regular security patches, systems become prime targets for hackers. Vulnerabilities that are discovered post-support will remain unpatched, leaving systems exposed to malware, ransomware, and other cyber threats.
  • Compliance Issues: For businesses, using unsupported software can lead to non-compliance with industry regulations and standards, which may result in hefty fines and legal repercussions. It can also affect security certifications such as Cyber Security and Cyber Security Plus, and damage trust from customers and business partners.
  • Operational Disruptions: Security breaches can cause significant downtime, disrupting business operations and leading to financial losses. For consumers, this could mean losing access to important personal data and services.
  • Higher Long-Term Costs: While the initial cost of ESU might seem manageable, the long-term financial impact of a security breach can be devastating.

The best approach is to start planning the move to Windows 11 now; there are just over eleven months to do this. For consumers, this could mean upgrading, or replacing their devices with ones capable of running Windows 11. Windows 11 was released and started shipping on new devices in 2021.

Will my device run Windows 11?

Microsoft have a useful website which shows the minimum system specifications for Windows 11, which you can access here.

In reality any device newer than 4-5 years old should have no problem running Windows 11, but in short, you need a device with at least:

  • Processor: 1 GHz or faster with a minimum of 2 cores.
  • RAM: 4 GB or more.
  • Storage: 64 GB or larger storage device (HDD or SSD) – you’ll need much more in reality.
  • System Firmware: UEFI, Secure Boot capable.
  • TPM: Trusted Platform Module (TPM) version 2.0. (this is important)
  • Graphics Card: Compatible with DirectX 12 or later with WDDM 2.0 driver.
  • Display: High definition (720p) – must be greater than 9” diagonally.

Tools to check compatibility

Another really easy way to check your device (if you are a consumer or want to check a couple of devices) is to use the PC Health Check App. This can be downloaded from https://aka.ms/GetPCHealthCheckApp if it’s not already installed on your Windows 10 device.

When you run the tool, you get one of three outcomes. If your device passes, you’ll see a “meets requirements” message, and if it fails, you’ll receive a “doesn’t currently meet” message. Corporate devices may see a message stating that “your organisation manages updates”, in which case check with your IT department (though I suspect they are already on it!).

Commercial Customers IT departments can easily check Windows 11 eligibility using Microsoft Intune or System Centre.
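For admins who want to script the checks above rather than run the PC Health Check App by hand, here is an added read-only eligibility script (not Microsoft's tooling). It assumes an elevated PowerShell 5.1 or later session on the Windows 10 device, because Get-Tpm-style queries and Confirm-SecureBootUEFI need administrator rights; DirectX/WDDM and display size are not checked.

```powershell
# Added example (not Microsoft's PC Health Check): a read-only check against the
# Windows 11 minimums listed above. Assumes an elevated PowerShell session on
# Windows 10. DirectX/WDDM and display size are not checked here.

function Test-Windows11Readiness {
    $results = [System.Collections.Generic.List[object]]::new()
    function Add-Check($Name, $Pass, $Detail) {
        $results.Add([pscustomobject]@{ Check = $Name; Pass = [bool]$Pass; Detail = $Detail })
    }

    # Processor: 1 GHz or faster, at least 2 cores (summed across sockets)
    $cpu   = Get-CimInstance Win32_Processor
    $cores = ($cpu | Measure-Object NumberOfCores -Sum).Sum
    $mhz   = ($cpu | Measure-Object MaxClockSpeed -Maximum).Maximum
    Add-Check 'CPU' ($cores -ge 2 -and $mhz -ge 1000) "$cores cores @ $mhz MHz"

    # RAM: 4 GB or more
    $ramGB = [math]::Round((Get-CimInstance Win32_ComputerSystem).TotalPhysicalMemory / 1GB, 1)
    Add-Check 'RAM' ($ramGB -ge 4) "$ramGB GB"

    # Storage: the disk holding the system drive must be 64 GB or larger
    $sysDrive = $env:SystemDrive.TrimEnd(':')
    $disk     = Get-Partition -DriveLetter $sysDrive | Get-Disk
    $diskGB   = [math]::Round($disk.Size / 1GB, 0)
    Add-Check 'Storage' ($diskGB -ge 64) "system disk $diskGB GB"

    # Firmware: UEFI (Secure Boot is only possible on UEFI firmware)
    Add-Check 'UEFI' ($env:firmware_type -eq 'UEFI') $env:firmware_type

    # Secure Boot: Confirm-SecureBootUEFI throws on legacy BIOS machines
    try   { $sb = Confirm-SecureBootUEFI; Add-Check 'SecureBoot' $sb "enabled=$sb" }
    catch { Add-Check 'SecureBoot' $false 'not supported or not UEFI' }

    # TPM 2.0: Win32_Tpm.SpecVersion looks like "2.0, 0, 1.16"
    $tpm = Get-CimInstance -Namespace root/cimv2/Security/MicrosoftTpm -ClassName Win32_Tpm -ErrorAction SilentlyContinue
    if ($tpm) {
        $spec = ($tpm.SpecVersion -split ',')[0].Trim()
        Add-Check 'TPM' ([version]$spec -ge [version]'2.0') "spec $spec, enabled=$($tpm.IsEnabled_InitialValue)"
    } else {
        # A TPM may exist but be disabled in firmware, so "not found" is not final
        Add-Check 'TPM' $false 'no TPM found (check firmware settings)'
    }

    $results
}

$report = Test-Windows11Readiness
$report | Format-Table -AutoSize
if ($report.Pass -contains $false) { 'Does not currently meet Windows 11 requirements' }
else { 'Meets Windows 11 requirements' }
```

The TPM and Secure Boot rows are the ones that most often fail on otherwise capable hardware; both are usually fixable in firmware settings rather than by replacing the device.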

Conclusion

The decision to stick with Windows 10 and not migrate to Windows 11 should not be taken lightly. While ESU provides a temporary solution, the risks associated with running an unsupported OS far outweigh the benefits.

The risks of not updating (or paying for extended security updates) are too high. It is only acceptable if your device is never connected to the internet. Additionally, you should avoid using external sources such as USB devices.

Upgrading to Windows 11 ensures continued security. It also provides access to the latest features and support. This makes it a wise investment for both consumers and businesses.

Q&A

  1. What about my anti-virus applications? In reality these will still work as will any application you are running on your machine. You will need to check with the antivirus provider to check that they will still support Windows 10, but as long as they do and you pay the subscription to them, it shouldn’t impact these anti-virus signature updates.
  2. What about other software like Office Apps? Well Office 2016 and Office 2019 also go end of support in October 2025. You’ll need to upgrade these too if you want to get feature updates and security updates and fixes. You will likely find other software vendors like Adobe will also stop supporting Windows 10 (as many did with Windows 7). You’ll need to check with the software provider.
  3. Can I upgrade the hardware in my device to get compliant? That is also an option. After running the compatibility checker, you may find that upgrading your hard drive, adding more memory or swapping other components may “get your device compliant”. In most cases this isn’t cost effective.

Understanding the EU AI Act and Microsoft’s Commitment to Compliance

TL;DR

The EU AI Act, effective from August 2024, regulates AI systems within the EU, categorising them into prohibited, high-risk, and limited or minimal risk. Microsoft is committed to compliance through tools like Purview Compliance Manager, continuous monitoring, data privacy measures, bias mitigation, and transparency initiatives.

Understanding the EU AI Act

The EU AI Act, effective from August 2024, is a comprehensive regulation designed to govern the development, deployment, and use of AI systems within the European Union. It categorises AI systems into three risk levels: prohibited, high-risk, and limited or minimal risk.

  • Prohibited AI Systems: These are AI applications that pose unacceptable risks, such as those that manipulate human behavior or exploit vulnerabilities of specific groups. Organisations must decommission such systems by February 2025.
  • High-Risk AI Systems: These include applications used in biometric identification, critical infrastructure, education, and law enforcement. High-risk systems are permitted but must undergo stringent compliance checks, including conformity assessments by accredited third parties or through self-assessment.
  • Limited or Minimal Risk AI Systems: These cover applications like chatbots and AI-generated content, which are generally permitted but require transparency and informed consent from users.

Key Challenges in AI Compliance

Organisations will likely face several challenges in navigating AI compliance:

  • Ensuring Continuous Compliance: AI regulations are dynamic, and organisations must continuously update their systems to remain compliant. This involves tracking regulatory changes and implementing necessary updates promptly.
  • Managing Data and Privacy: AI systems often process vast amounts of data, including sensitive information. Ensuring that AI applications do not inadvertently access or misuse sensitive data is a significant concern.
  • Addressing Bias and Inaccuracy: AI systems must be trained on diverse and representative data sets to avoid biases. Inaccurate or biased AI outputs can lead to ethical and legal issues.
  • Maintaining Transparency: Organisations must ensure that their AI systems operate transparently, providing clear information on how data is used and decisions are made.

Microsoft’s Commitment to AI Compliance

Microsoft is at the forefront of ensuring AI compliance and ethical use. Here are some key initiatives and tools that demonstrate Microsoft’s commitment:

  • Purview Compliance Manager: Part of the Microsoft Purview family, this tool helps organizations manage compliance with various regulations, including the EU AI Act. It offers templates for different regulatory requirements, enabling organizations to streamline their compliance processes.
  • Continuous Monitoring and Updates: Microsoft ensures that its AI applications, such as Microsoft 365 Copilot, are continuously monitored and updated to comply with evolving regulations. This proactive approach helps organisations stay ahead of compliance requirements.
  • Data Privacy and Security: Microsoft emphasizes robust data privacy and security measures. AI applications are designed to prevent unauthorised access to sensitive data, and tools like Data Loss Prevention (DLP) policies help safeguard information.
  • Bias Mitigation: Microsoft is committed to reducing bias in AI systems. By using diverse data sets and implementing rigorous testing protocols, Microsoft aims to ensure that its AI applications provide fair and accurate results.
  • Transparency and Accountability: Microsoft promotes transparency in AI operations. Users are informed about how their data is used, and AI systems are designed to provide clear explanations for their decisions.

Conclusion

The EU AI Act represents a significant step towards ensuring the ethical and responsible use of AI. As organisations navigate this complex regulatory landscape, Microsoft’s tools and initiatives provide valuable support in achieving compliance. By prioritising continuous monitoring, data privacy, bias mitigation, and transparency, Microsoft is helping organisations harness the power of AI while adhering to the highest standards of ethical conduct.

What organisations can do

As we move forward in this AI-driven future, it’s crucial for every organisation large and small, private and public to stay informed and proactive about regulatory compliance in this space.

If you are invested in Microsoft Technology, be that Microsoft 365 or Azure, ensure to further explore Microsoft’s extensive and comprehensive suite of tools and resources to ensure your organisation and AI connected systems are not only compliant but also ethical and transparent.

1. You can check out the Microsoft AI Compliance Hub

2. Check out their YouTube video https://youtu.be/briI9LdiZuc

3. Speak to your Microsoft Partner.

Microsoft looking to remove security vendor access to its Windows Kernel following CrowdStrike incident

Microsoft is building new Windows security features to prevent another CrowdStrike incident, and is in talks to allow it to do more to protect the core of its OS and prevent outages with widespread impact like the CrowdStrike incident, which affected more than 8.5 million devices and is estimated to have caused more than $10b of financial impact.

Fighting against the anti-monopoly commissions

In an ideal world, Microsoft would have the right to protect their core kernel code and prevent any third parties from interfering with or accessing it.

Today, however, the law prevents them from doing this, so that they adhere to the anti-monopoly and anti-competition laws in many parts of the globe. Instead, Microsoft are doing all they can to further harden security around the kernel and Windows security in general.

Their goal is of course to find a compromise that protects Windows from software issues caused by security vendors, ensuring OS integrity without killing third-party security vendors, by avoiding their need for kernel-level access in the first place…

Enhancing Security without Kernel Access

Since July, Microsoft has been in talks with leading security vendors, including CrowdStrike, Broadcom and Sophos, to develop a new security platform in Windows that still allows security vendors to do their thing, but without Microsoft having to expose full kernel access.

Then last week (September 10th, 2024), Microsoft, CrowdStrike, and many other security partners who provide endpoint security technologies got together to discuss ways to boost resiliency and protect our mutual customers’ critical infrastructure. Aidan Marcuss, Corporate VP of Microsoft Windows and Devices, said “Our objective is to discuss concrete steps we will all take to improve security and resiliency for our joint customers.”

The goal is to prevent incidents similar to the CrowdStrike outage and enhance the overall security framework of Windows without monopolising the endpoint and XDR markets.

Benefits to Consumers

For everyday users, this promises a more secure and stable computing experience in a world where attacks on identity and data theft are increasing at pace. By further reducing the risk of security breaches and system outages, and reducing the risk of third-party apps and services causing system failures, Microsoft is ensuring that consumers continue to trust them to protect their personal data and maintain smooth operation. Enhanced security measures mean fewer disruptions and a safer online environment, which is crucial in an era where cyber threats are increasingly sophisticated.

Benefits to Business Users

Commercial/business users would of course gain significantly from these new security measures. With sensitive corporate data and identity consistency at risk from attack or breach, Microsoft’s enhanced security framework will provide businesses with greater peace of mind and further increase the trust they already have in Microsoft to protect their data, applications and emails.

Of course, reduced risk of breaches and downtime caused by third-party apps and services also translates to increased choice (without fear), and lower costs associated with security incidents and system outage incidents.

Whilst this should enable businesses to focus more on their core operations, knowing that their IT infrastructure is robust and secure, it doesn’t remove the need for full business continuity planning…

Microsoft’s Perspective and Benefit

For Microsoft, this move is a strategic step to reinforce its commitment to security and reliability. Arguably, Microsoft is the biggest security company in the world and, with over a billion devices running the Windows operating system, they have a duty to continue to protect their products from outages caused by, well, things out of their control, such as the CrowdStrike update fail!

By working closely with security vendors and regulatory bodies, Microsoft is not only positioning itself as a leader in the cybersecurity space, but also as a partner that works with its software houses (ISVs) and customers to ensure they still have choice over the aspects of Windows they use (or subscribe to) and the third-party vendors they choose to work with.

So what about the third party security vendors then?

Security vendors like CrowdStrike, Broadcom, Sophos, Cisco, and Trend Micro also benefit from this collaboration by being part of a more secure and standardised platform. This partnership allows them to continue to innovate and develop advanced security solutions without the complexities and risks associated with kernel access. It also means they will continue to get support and help from Microsoft (as an ISV partner) in developing and supporting their products.

Potential Concerns and Regulatory Involvement

Naturally, there are concerns about potential monopolistic practices. Vendors (and those less involved in the initiative) may fear that Microsoft might restrict kernel access for third-party products while retaining it for its own, which could limit their ability to compete effectively, pushing customers to jump ship and just adopt Microsoft security products and services.

To address such concerns and ensure transparency, Microsoft has involved US and European government officials in discussions. This move is aimed at addressing regulatory concerns and demonstrating Microsoft’s commitment to a fair and secure computing environment. While the initiative is largely seen as positive, it is crucial for Microsoft to maintain an open and competitive landscape for all security vendors.

Conclusion

Microsoft’s new security measures would represent a significant step towards a safer Windows environment. By working closely with security vendors and involving regulatory bodies, Microsoft is striving to create a secure and fair platform for all users, making kernel access more controlled than it is today. This promises numerous benefits for consumers, business users, and security vendors alike, while also addressing potential concerns about competition and transparency.

Read more: The Register has also covered this story in depth if you want to read more here.

Navigating the Aftermath of the CrowdStrike Cybersecurity Outage: Insights and Strategies

I run a monthly fireside chat panel discussion with IT and Business leaders from a handful of our Cisilion customers. Today, we talked about the outage and reflected on whether, and what, we, the industry and our vendors need to do to minimise or prevent this vast impact happening again.

If you missed the "show" - you can watch it below.
September 2024 – Cisilion Fireside Chat

In our September 2024 fireside chat, our panel and I delved into the significant impact and lessons that can be learned from the CrowdStrike outage in July, which is estimated to have cost more than $10B US and affected more than 8.5 million Windows devices when CrowdStrike distributed a faulty configuration update for its Falcon sensor software running on Windows PCs and servers.

This update featured a “modification” to a configuration file which was responsible for screening named pipes [Channel File 291]. The faulty update caused an out-of-bounds memory read in the Windows sensor client that resulted in an invalid page fault. The update caused machines to either enter into a bootloop or boot into recovery mode.

Today’s fireside chat conversation covered a range of topics, from the immediate effects of the outage to long-term strategies for enhancing cybersecurity resilience.

The Immediate Impact of the CrowdStrike Outage

The panel began by addressing the widespread disruption caused by the CrowdStrike outage. We discussed the outage’s extensive reach, affecting millions of devices and various sectors, including healthcare, finance, and transportation. In my intro to the episode, I mentioned that “It was really hard to believe…such a small relatively trivial and small update could impact so many people, devices and organisations“. This set the stage for a deeper exploration of the outage’s implications on cybersecurity practices.

As we kicked off, I praised the collaboration between Microsoft and CrowdStrike in addressing the outage. I mentioned that despite initial blame-shifting in the media, there was a concerted effort to resolve the issue, showcasing the importance of vendor cooperation in crisis management. In short, the panel didn’t think there was much more Microsoft could have done – the key was updates and openness, which is so critical in a global issue like this, as people and businesses need updates and answers as well as help in restoring systems, which both Microsoft and CrowdStrike provided in droves.

Vendor Reliance and Preparedness

Ken Dickie (Chief Information and Transformation Officer at Leathwaite) emphasised the importance of incident management and the world’s reliance on third-party and cloud providers. He shared his insights into the challenges of controlling the fix and the revelation of technology’s utility nature to leadership teams, stating that it can be hard to explain to “IT” “how little control we had over the actual fix“. Matthew Wallbridge (Chief Digital and Information Officer at Hillingdon Council) echoed the sentiment, stressing the need for preparedness and the role of people in cybersecurity, stating, “It’s less about the technology, it’s more about people.”

Supply Chain Risks

Matthew raised concerns about supply chain risks, highlighting recent attacks on media and the need for better understanding and mitigation strategies. This part of the discussion underscored the interconnected nature of cybersecurity and the potential vulnerabilities within the supply chain.

Goher Mohammed (Group Head of InfoSec at L&Q Group) mentioned the impact on their ITSM due to vendor reliance in the supply chain, which degraded their service, emphasising the need for resilience and contingency plans. This led to further discussion about how important supply chain validation is in our security and disaster recovery planning and coordination. Matt talked frequently about “control the controllable”, but asking the right questions of the ones (vendors) you can’t control. Goher said that whilst L&Q were not directly affected, they did experience “degraded service due to supply chain impacts“, emphasising the need for resilience and contingency plans and a review of those of their supply chain(s).

Resilience and Disaster Recovery Planning

The conversation then shifted to strategies for enhancing resilience. Here I discussed how we at Cisilion are revisiting our own disaster recovery plans to include scenarios like the CrowdStrike outage.

We discussed a lot about the cost of resilience and that there is a “limit” to what you can mitigate against before the cost skyrockets out of control with very little reduction in risk. It was agreed there are many things that can’t “easily” be mitigated in this particular scenario, but that we can be better prepared.

The panel talked about various strategies that “could be considered” including recovering to “on-prem”, re-visiting the considerations around multi-cloud strategies and the potential benefits of edge computing in mitigating risks associated with device reliance.

We also discussed whether leveraging technologies such as Cloud PCs and Virtual Desktops have a part to play in recovery and preparation, as well as whether using Bring Your Own Devices would/could/should be a bigger part of our IT and desktop strategy, along with, of course, SASE technology to secure access.

Goher advised “do a real audit, understand the most critical assets, the impact they have further down the line and whether there is more that can be done to mitigate against outage/failure/issue“. This led us into an interesting side discussion around Secure Access Service Edge (SASE) – emphasising the “importance of not relying on trusted devices alone”.

The Human Aspect of IT Incidents

David Maskell (Head of IT and Information Security at Thatcham Research) brought a crucial perspective to the discussion, focusing on the human aspect of IT incidents. He reminded the audience of the importance of supporting IT teams during crises, highlighting the stress and pressure they face. The panel agreed with David, all of whom emphasised the importance of ensuring teams are looked after, highlighting the human aspect of managing IT incidents, especially when things are not directly controllable (such as with cloud outages), and the need for good, solid communications to the business.

Ken also reflected on leadership’s reaction to the outage, emphasising the “gap in understanding the reliance on technology” that many business leaders (especially those not from a techy background) have. The days of “it’s with IT to fix” are clearly not as simple as they once were!

Conclusion: The Path Forward

As we concluded the discussion, the panel reflected on the lessons and tips to offer viewers, each other and the industry.

In general, the guidance across the panel was around:

  1. The importance of regular security reviews, external audits, and business continuity testing.
  2. The need to adopt a proactive stance around cyber security and technology outages, ensuring that their teams are prepared (they run testing and attack/outage simulations).
  3. Ask more questions of your supply chains – they may be your weakest link. Are they secure, and are their recovery plans robust?
  4. Map your critical systems and know the impact on an outage – what is the continuity plan – if devices are affected, how can people access your technology – look at Cloud PCs (such as Windows 365), can you support the use of personal devices (look at SASE technologies such as Cisco Secure Connect)
  5. Review your technology dependencies. It’s not necessarily about multi-vendor but this might be a consideration – even for backup.

In summary, the CrowdStrike outage serves as a stark reminder of the vulnerabilities inherent in our reliance on technology and the critical need for comprehensive cybersecurity strategies.

CrowdStrike Update caused “Global IT Outage” with “Blue Recovery Screen” Issue on older Windows devices

BSOD - Crowdstrike

We have seen a social media frenzy this morning following a triple whammy of issues impacting Azure Virtual Machines (running Windows 10 and Server 2016) and Windows devices across hundreds of organisations, where Windows 10 devices and servers running older versions are rebooting to the Windows Recovery Screen.

19/7/24 11:00am: The impacts of the issue are still on-going although the root cause is known and CrowdStrike are working with Microsoft on getting a patch out…

19/7/24: 15:00: CrowdStrike have updated their sites to take accountability for the issue (Microsoft still helping) that has impacted devices due to a “bug” in their software update which caused the BSOD. They have pulled and fixed the update and are working with their customers to remediate the impact. Microsoft have also offered guidance on what can be done to reverse the issue – links to this below.

29/7/2024: 18.00: this is not a Microsoft problem (yet I imagine they will be blamed) but it affected millions of Windows systems… Read to the bottom to see why.


Summary

Since the early hours of the morning, several media companies, airlines, transport companies, tech companies, and schools / universities are reporting a Blue Screen (actually a safety recovery screen) issue on Windows 10.

The issue is impacting Windows 10 devices that are using the CrowdStrike Falcon agent – their flagship Extended Detection and Response (XDR) security platform.

Impacted devices are crashing following this Falcon Client update and then getting stuck at the “Recovery” screen due to a critical system driver failure that is preventing the device from starting back up.

CrowdStrike and Microsoft are actively working on this to drive a permanent fix, workarounds are available which require manually preventing this service from starting on affected devices.

The issue is not known to be affecting devices running Windows 11 and Server 2019 and beyond.

What is CrowdStrike?

CrowdStrike, a cybersecurity firm based in the US, assists organisations in securing their IT environments, which encompasses all internet-connected resources.

Their mission is to “safeguard businesses from data breaches, ransomware, and cyberattacks” and they position themselves as having leading offerings that compete with other vendors including Microsoft themselves, SentinelOne, and Palo Alto Networks. Their client base is extensive and includes legal, banking, finance, travel firms, airlines, educational institutions, and retail customers.

A key offering from CrowdStrike is their Falcon XDR tool, touted on their website for delivering “real-time indicators of attack, hyper-accurate detection, and automated protection” against cybersecurity threats.

Root Cause

Information available from CrowdStrike and Microsoft states that the issue is caused by a “faulty” version of the csagent.sys file, which is a key system start-up file needed by CrowdStrike’s new sensor update for their Falcon Sensor agent. It is this file that has been responsible for the BSOD errors on Windows 11 and many servers running older Windows Server OS running in private and public data centres such as Microsoft Azure.

George Kurtz, the CEO of the global cybersecurity firm CrowdStrike, stated that the issues were due to a “defect” in a “content update” for Microsoft Windows devices.

“The issue has been identified, isolated, and a fix has been deployed.” he said as he clarified that the problems did not impact operating systems other than Windows 10 and Windows Server 2016 and older, and also emphasised, “This is not a security incident or cyber-attack.”

Impact

  • Windows 10 devices are primarily affected.
  • Devices running Windows Server 2016 and older in Azure are also impacted if they run the CrowdStrike Falcon agent.
  • Limited/less impact on devices running Windows 11 or Windows 2019 and later.

Note: Windows 10 enters end of support in October 2025.

Is there a fix?

Updated: 21/7/2024: Microsoft have updated their guidance and provided additional support for fixing these issues using managed devices via Intune. This can be found here.

The formal advice if this issue is affecting your organisation is to contact your CrowdStrike Support representative – CrowdStrike and Microsoft are actively working to address the issue both as a response to the issue and preventative to ensure more devices are not impacted.

Since the issue is known to be caused by the csagent.sys file, there are ways to manually prevent this file being loaded, allowing the device to boot. There are a couple of ways to do this.

  1. Use Safe Mode and delete the affected file:
    • Boot the device to Safe Mode
    • Open Command Prompt and navigate to the CrowdStrike directory which should be C:\Windows\System32\drivers\CrowdStrike
    • Locate the file matching the pattern C-00000291*.sys – you can list it using a wildcard: dir C-00000291*.sys.
    • Remove or rename the file.
  2. Use Registry Editor to block the CrowdStrike CSAgent service:
    • Boot to Safe Mode
    • Open Windows Registry Editor.
    • Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CSAgent
    • Change the Start value to 4 to disable the service.
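As an added example (not from the original post, and not CrowdStrike’s or Microsoft’s own tooling), the following PowerShell script carries out the checks behind both methods above: it lists any file matching the channel file pattern with its size and UTC timestamp, and reads the Start value of the CSAgent service, so an operator can confirm what is on the device before changing anything. The directory, file pattern and registry path are the ones given in the steps; the -Rename switch and the .bak suffix are my assumptions. It is intended to be run from an elevated prompt after booting to Safe Mode.

```powershell
# Added example, not part of the original post or of CrowdStrike/Microsoft guidance:
# inspect a device for the channel file pattern named in the recovery steps and
# report the CSAgent service start type. Nothing is changed unless -Rename is
# passed. Run from an elevated prompt after booting to Safe Mode.
[CmdletBinding()]
param(
    # Assumed switch: when set, rename matching channel files to <name>.bak
    # instead of only reporting them.
    [switch]$Rename
)

$driverDir = 'C:\Windows\System32\drivers\CrowdStrike'       # path from the recovery steps
$pattern   = 'C-00000291*.sys'                                # pattern from the recovery steps
$svcKey    = 'HKLM:\SYSTEM\CurrentControlSet\Services\CSAgent' # key from the registry method

if (-not (Test-Path -Path $driverDir)) {
    Write-Host "Directory $driverDir not found; the Falcon sensor may not be installed."
    return
}

# Report every file matching the pattern with its size and UTC timestamp so the
# operator can compare against the vendor's advisory before touching anything.
$files = @(Get-ChildItem -Path $driverDir -Filter $pattern -File -ErrorAction SilentlyContinue)
if ($files.Count -eq 0) {
    Write-Host "No files matching $pattern found in $driverDir"
} else {
    $files | Select-Object Name, Length, LastWriteTimeUtc | Format-Table -AutoSize | Out-String | Write-Host
}

# Service start type: 2 = Automatic, 3 = Manual, 4 = Disabled (the value the
# registry method in the recovery steps sets).
$start = (Get-ItemProperty -Path $svcKey -Name Start -ErrorAction SilentlyContinue).Start
if ($null -eq $start) {
    Write-Host 'CSAgent service key not found'
} else {
    Write-Host "CSAgent Start value: $start"
}

if ($Rename -and $files.Count -gt 0) {
    # Renaming rather than deleting keeps the file available if support asks for it.
    foreach ($f in $files) {
        $newName = "$($f.Name).bak"
        Rename-Item -Path $f.FullName -NewName $newName
        Write-Host "Renamed $($f.Name) to $newName"
    }
}
```

Run it once without -Rename to see what is on the device; the timestamp column is there so the listed file can be compared with whatever CrowdStrike Support identifies as the faulty version before anything is renamed.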

Dan Card, of BCS, The Chartered Institute for IT and a cyber security expert said: “People should remain calm whilst organisations respond to this global issue. It’s affecting a very wide range of services from banks to stores to air travel.

He also said that whilst the cause is now known, it is still causing worldwide issues and impacts on consumer services, banking, healthcare and travel and will take some time to remediate.

“Companies should make sure their IT teams are well supported as it will be a difficult and highly stressful weekend for them as they help customers of all kinds. People often forget the people that are running around fixing things.”


Conclusion

CrowdStrike has acknowledged the issue and is investigating the cause. Users can follow the above steps to resolve the recovery screen issues and boot their PCs normally.

CrowdStrike and Microsoft worked tirelessly to resolve this issue and prevent further widespread impact.


Devices running Microsoft’s latest operating systems seem to be less impacted (though information is still being collated).


How did Microsoft allow this to this happen?

How did this happen? Many people are asking why Microsoft is shifting the blame to CrowdStrike (who have admitted fault), and how Microsoft allowed this to happen at all.

In short, it’s not their fault, and there really wasn’t anything they could have done to prevent it. Here’s why.

Many security products, such as the XDR products made by CrowdStrike, Palo Alto, and even Microsoft’s own XDR product, Defender, are what is known as “kernel mode products”. Whilst this issue affected Windows, the same “hiccup error with the update” could equally have affected other operating systems such as macOS and Linux, since the sensors there are also kernel extensions. This means that if the same mistake had been made in the updates for those operating systems, the same product failure would have occurred.

In an ideal world all applications and services would run in user mode rather than kernel mode, but many security and AV products have a (legitimate) need to monitor at the lowest levels of the OS in order to detect attacks. This is not possible when running in user mode, as the kernel is protected.

The Blue Recovery Screen (which most mistook for the Blue Screen of Death (BSoD), which it actually was not) is in fact the Windows OS safety net.

As such, there is not much more Microsoft can do here. These are third-party applications, not managed, developed, controlled or updated by Microsoft. If Microsoft were to manually vet every update and change to an application, Microsoft would be classed as control hogs and the world would crucify them for it!

Microsoft cannot legally wall off its operating system in the same way Apple does because of an understanding it reached with the European Commission following a complaint. In 2009, Microsoft agreed it would give makers of security software the same level of access to Windows that Microsoft gets.

The outage is awful and has impacted so many organisations, including critical services, but it’s also not fair IMO that Microsoft and Windows have been dragged through the dirt simply because it’s their OS that was impacted by the poor updates and issues that another third-party application caused.

It’s not the first time this has happened… to other operating systems

According to a report by Neowin, “similar problems have been occurring for months without much awareness, despite the fact that many may view this as an isolated incident. Users of Debian and Rocky Linux also experienced significant disruptions as a result of CrowdStrike updates, raising serious concerns about the company’s software update and testing procedures. These occurrences highlight potential risks for customers who rely on their products daily.

In April, a CrowdStrike update caused all Debian Linux servers in a civic tech lab to crash simultaneously and refuse to boot. The update proved incompatible with the latest stable version of Debian, despite the specific Linux configuration being supposedly supported. The lab’s IT team discovered that removing CrowdStrike allowed the machines to boot and reported the incident.”

What this shows is the vital importance of update testing and deployment rings.

King’s Speech: What the New Cyber Security Bill is about.

Cyber Security Bill

Yesterday, 17th July 24, a new Cyber Security Bill was announced as part of the King’s Speech, with industry experts, cyber security firms and advisory boards applauding the greater scrutiny and policies being placed on protecting the nation, our public services, critical infrastructure, and businesses – small, medium, and large.

The bill will hand more power to regulators around cybersecurity incidents, and also includes mandatory reporting of ransomware attacks. The bill was announced in today’s King’s Speech, alongside 40 others.

… strengthen the UK’s cyber defences, ensure that critical infrastructure and the digital services that companies rely on are secure

King’s Speech | July 2024

In parallel, a new Digital Information and Smart Data Bill was also announced. It would have raised security concerns and implications had this Cyber Security Bill not also been announced, since one of its aims is to further support and speed up the digitising of more central and local government services, as well as to bring in new data-sharing standards, whilst giving the Information Commissioner’s Office (ICO) new powers.

CyberSecurity – State of the nation

The newly introduced Cyber Security Bill acknowledges that the UK as a whole faces increasing attacks from both financially-motivated cyber criminals and state actors, with entities of all sizes being frequent targets. The bill was proposed in response to cyber attacks on the UK’s digital economy, which have affected public services and infrastructure. Its aim is to enhance the protection of essential services and critical national infrastructure, which are particularly vulnerable to hostile actors. This is underscored by numerous cyber attacks in recent years on the NHS, NHS Blood supply, UK Trusts, the Ministry of Defence, the British Library, the Electoral Commission, Royal Mail, and various other government entities.

Life vs Death- The NHS Blood Supply Attack: The announcement comes after a severe Russian cyber-attack on Synnovis, a private firm offering pathology services like blood tests to the NHS. As a result of the attack, some patients were notified that their blood test appointments could be delayed by up to six months. It also affected supply of blood and much needed transfusions.

What’s in the Cyber Security Bill?

The new Cyber Security Bill consists of two main objectives.

  1. To expand the remit of existing regulation
  2. To provide regulators with a stronger foundation for the protection of digital services and supply chains, and to enhance reporting requirements to develop a more comprehensive understanding of cyber threats.

The bill will expand the remit of regulators to cover supply chains and companies providing services or managed services to organisations, addressing the growing prevalence of supply-side attacks, where malicious actors gain access to organisations’ networks and systems via third-party suppliers such as MSPs, network providers and CSP providers, or through APIs and systems which connect to other systems for things such as stock control, support and remote access. The bill also promises to create a stronger regulatory environment to ensure cyber safety measures are actually being introduced.

What about NIS2?

The Cyber Security Bill aims to revise the current UK Network and Information Security (NIS) Regulations 2018. These regulations originate from the EU’s NIS Directive, which outlines specific cybersecurity and incident reporting duties for operators of ‘essential services’ and digital service providers.

The EU has initiated an update to the original NIS framework, with ‘NIS2’ scheduled for implementation across EU member states by 17 October 2024. Whilst ‘NIS2’ does not explicitly apply to UK companies, this bill is likely to align closely with it and may even add “icing on top”.

About mandatory reporting on ransomware attacks

Today, whilst organisations need to report data breaches, there is no law or rule about reporting ransomware attacks. This bill changes this. It is a good move, since introducing the requirement to report ransomware attacks (whether successful or not) will help the UK better understand the wider cybercrime landscape.

What the Cyber Security Bill means for IT and Security Teams

Cyber security and protection remain one of the biggest concerns for organisations and government today, and one of the biggest budget spends, which continues to increase year on year, alongside AI of course.

As we live in an increasingly digital society across almost every industry and service, every organisation needs to have, and will be obliged under the new bill to have, robust security governance and controls in place. Organisations need to shift away from simply deploying products in the hope they will stop attacks, and instead ensure they also have effective data on attack vectors and trends, as well as clear kill chain risk analysis and mapping across their entire estate: from users and devices, to identity and access, data protection, threat detection, isolation, remediation and of course prevention.

In the context of state-sponsored attacks, national conflicts, and wars, it is evident that cyber attacks have become a standard component of such conflicts, targeting infrastructure, governments, and individuals alike. The Cyber Security Bill emphasizes that sectors such as communications, power, finance, health, education, and transportation, including traffic control systems, are all potential targets.

Cyber Security Bill: Things you can do

The new Cyber Security Bill and the upcoming NIS2 requirements present several opportunities for organisations to prepare, which should underpin their existing cyber security and resilience programme.

In a recent cyber security report, Microsoft Security said that they have seen a ten-fold increase in cyber attacks, along with similar growth in attack attempts against their own platforms and systems, including Microsoft 365 and Azure.

Microsoft say that password and account compromise (often leading to phishing attacks and ransomware attacks) continues to rise the fastest, with password attacks increasing from 3 billion per month in 2022 to more than 30 billion a month in 2023.

Microsoft also say that the UK cyber security market is worth $6.2bn in FY25 and is expected to continue to increase at around 20% YoY for the next 4 years. Microsoft see the following key areas of security as the biggest opportunity, driven by customer demand to protect their businesses and critical infrastructure.

  • Threat Protection – $2.4bn
  • Identity Protection & Secure Access – $2.2bn
  • Security Analytics – $1.6bn

Note: Values are UK TAM for 2025.

Consulting, Assessments and Workshops

Leverage your security partners to help you conduct comprehensive reviews.

Many cyber security partners have pre-packaged (often vendor-funded) offerings to help businesses of all sizes, through the delivery of tailored, comprehensive workshops and assessments around the core Zero Trust security pillars, which loosely fit into the categories above.

The Cyber Security Bill strengthens the powers of regulators, which is likely to lead to more frequent and rigorous security assessments and audits. This means you will likely need to prove that you are undertaking these regularly, and that you have clear, defined and proven attack simulation plans, prevention and detection plans, and remediation plans in place.

Security Adoption and Consolidation

In the ever-evolving landscape of cybersecurity, the complexity of security has become a significant challenge for many organisations. With an average of 76 security tools to manage, Info Sec magazine reports that many organisations are overwhelmed by excessive support tickets, ungainly rulesets, redundant alerts, and cumbersome integrations of different, often overlapping, security products. This complexity can lead to gaps in security, leaving organisations vulnerable to cyber threats and facing huge costs.

As part of any review and assessment, contract renewal and negotiation, most organisations can strengthen their security posture while reducing both spend and complexity through a strategy known as security consolidation. This involves streamlining and integrating various security tools and processes into a cohesive system and leveraging/adopting many of the technologies they may already have but have not turned on – examples of this are the vast security products and services offered in Microsoft 365 E5 which may be under-used or not switched on.

Security consolidation is essential for several reasons. Firstly, it enhances threat detection and response by providing a holistic view of security events, facilitating faster identification of anomalies and coordinated response strategies, pulling information from products and suites of products rather than trying to connect them after the fact. Secondly, it simplifies management and operations, making it easier for security teams to manage and operate, leading to increased efficiency and effectiveness in managing cybersecurity risks. Thirdly, it can massively reduce complexity and cost by eliminating redundant systems and streamlining processes, improving the security posture and reducing the chances of errors.

The National Cyber Security Centre provides a wealth of resources and guidance on various cybersecurity topics, including security consolidation.

Managed SOC and XDR

In light of the Cyber Security Bill, organisations may consider moving to a Managed Security Operations Centre (SOC) or Managed Extended Detection and Response (XDR) service offered by their MSP, CSP or a specialist Managed Security Provider. These services provide a huge range of benefits for organisations who don’t have the time, resources or desire to manage their own security operations, including:

  1. Comprehensive Cybersecurity: Managed SOC and XDR services provide comprehensive cybersecurity across an organisation’s entire IT environment, monitoring threat landscapes including IT networks, devices, applications, endpoints, and data, for both known and evolving vulnerabilities, threats, and risks.
  2. Reduced Complexity: In most cases, investing in such services can significantly reduce the complexity of managing multiple security tools and processes. Whilst these services “may” take on and support an organisation’s existing security products, in many cases they will require (as part of onboarding) a more streamlined approach to security management, making it easier for organisations to maintain a robust security posture without having to manage multiple products and services.
  3. Faster Response Times: Managed SOC and XDR services can provide significantly faster and more accurate detection and response times to real and high-risk potential threats. Many will leverage their vast experience, machine learning and other advanced technologies like AI and automation to make threat detection and response faster than humanly possible.
  4. More Cost-Effective: Whilst not cheap on the surface, by consolidating security operations under a managed service organisations can potentially reduce the total cost of ownership (TCO) of security operations, by eliminating the need for multiple standalone security solutions and sometimes expensive security analysts and consultants.
  5. Access to Expertise: These services give organisations access to highly skilled security experts, which can be particularly beneficial given the current shortage of skills in the cybersecurity industry.

Employee Training and Education

The importance of end-user adoption and training around security awareness cannot be overstated. It is a critical component of any organisation’s cybersecurity strategy. The human factor is often the weakest link in corporate security, with studies suggesting that most cyber attacks are caused by human error. Educating end users on cybersecurity best practices is crucial for reducing the risk of insider threats, phishing attacks, and other cyber threats.

Every business, large and small, needs to develop an effective security strategy mindset that is built into its culture. This ensures that every employee, from frontline staff to managers and executives, understands the importance of cybersecurity and the far-reaching impact that a data breach can have. This means that regular training sessions and awareness campaigns need to be conducted to keep all levels of the organisation updated on the latest threats and defensive practices.

Management plays a key role in this process. They should demonstrate leadership by actively participating in security awareness training, complying with the company’s own cybersecurity policies, and encouraging staff to take part in training. This helps to create a culture of enhanced cybersecurity awareness and empowers employees to come forward with observations, suggestions or issues they have seen.

End-user adoption and training around security awareness is a commitment that needs to be made at all levels of an organisation. It is not just about protecting the organisation’s digital assets, but also about safeguarding its reputation and credibility. By making security awareness a priority, organisations can significantly reduce their vulnerability to cyber threats.

Conclusion

In conclusion, the King’s Speech has outlined a much needed, robust and forward-thinking approach to cybersecurity in light of the ever-increasing wave of nation-state attacks and cyber terrorism, combined with the rapid adoption of generative AI.

The introduction of the Cyber Security and Resilience Bill, as announced in the speech, is set to expand regulation to cover more digital services and supply chains, empower regulators to ensure cybersecurity measures, and mandate increased incident reporting to improve the government’s response to cyber attacks. This initiative is a significant step towards strengthening the UK’s cybersecurity infrastructure and resilience.

In light of these developments, every organisation should take proactive steps to align with these new measures. One of the key steps is preparing for the NIS2 Directive, which aims to establish a higher level of cybersecurity and resilience within organisations of the European Union and will also impact UK organisations. Organisations should start preparing by defining their compliance roadmap and optimising their cybersecurity awareness. They should conduct a thorough audit to identify gaps in their cybersecurity regimen and develop a comprehensive plan to address these gaps and achieve compliance with NIS2 requirements.

Read more:

What is NIS2? Get the Complete Picture (nis2directive.eu)

National Cyber Security Centre: National Cyber Security Centre – NCSC.GOV.UK

Cisco Live 2024: Unveiling an AI-powered and secure future

Cisco’s annual event, Cisco Live 2024, has seen a huge number of new AI-powered innovations and investments from Cisco as they took to the stage in Las Vegas. This year the focus has been on powering the AI transformation, and has been particularly impactful with the introduction and expansion of AI-enriched solutions across the networking, security, and observability domains.

Here are my takeaways from the event, based on snippets I watched and blogs from Cisco I’ve read overnight, on how these advancements are set to further transform the tech industry across almost every vertical.

Digital Resilience Through AI

Cisco talked about how their AI-powered innovations, which are heavily focused on the platform that drives transformation (the network and connectivity), are designed to enhance digital resilience, combining the power of the network with industry-leading security and observability. This integration simplifies adoption and provides comprehensive visibility across the digital landscape.

$1 Billion AI Investment Fund

Cisco announced a new Global AI Investment Fund, a bold move to foster industry innovation and customer readiness, and likely to help them fund and invest in future acquisitions, which is becoming common in the industry as start-up innovation attracts backing. This strategic initiative supports Cisco’s vision of an AI-powered future, connecting and protecting organisations of all sizes through Cisco’s innovative networking and secure cloud technology platforms.

New Strategic Initiatives

Cisco’s collaboration with industry giants like NVIDIA, Splunk (who they acquired earlier this year), and others showcases its commitment to customer success and growth. Cisco referenced some of their largest clients, including Steve Madden and McLaren F1 Racing, who see Cisco continuing to play a vital role as a strategic ally in business and technology across their entire portfolio, from networking and security to observability and collaboration.

New certifications to empower partners

Designed to prepare partners and ensure skills for the AI-powered future, Cisco announced new AI Fundamentals for their partners, including a new certification in AI. Cisco plan to continue equipping partners and the workforce with the skills necessary to thrive in an AI-driven landscape which shows no sign of slowing down.

New innovations to their portfolio announced

Cisco has also announced new AI-powered features for their contact centre solutions at Cisco Live 2024. These include:

  • New capabilities in Webex Contact Center will help organisations design and manage conversational self-service experiences. This means businesses can automate their customer service to a greater extent, improving efficiency and customer satisfaction.
  • An AI Assistant is being provided for contact center agents. This assistant can help agents handle customer queries more effectively and efficiently, leading to improved customer service.
  • Cisco is also enabling the integration of third-party virtual agent solutions into their contact centre offerings. This allows businesses to leverage a wider range of technologies and services to enhance their customer service.

There is no AI without data and networking

With Cisco networking already the motorway for connectivity inside data centres and organisations’ IT, and for connecting people, things and devices, Cisco announced:

  • Nexus HyperFabric AI clusters. This is a “breakthrough” AI cluster solution developed in collaboration with NVIDIA and provides a single place to design, deploy, monitor, and assure AI pods and data center workloads. This means businesses can manage their AI workloads more efficiently and effectively.
  • Cisco Hypershield support for AMD Pensando DPUs and Intel IPUs, which Cisco say will enable enterprises to “realize an AI-driven, distributed security architecture” that seamlessly goes from the cloud to the data centre to the edge, while still being highly performant and energy efficient.
  • Cisco will also combine the power of Splunk with their AppDynamics Application Performance Monitoring (APM) with the introduction of Splunk Log Observer for Cisco AppDynamics. This integration will enable users to drive faster troubleshooting across on-prem and hybrid environments.

Excitement overdrive

As a leading UK Cisco Partner, we saw Cisco Live bring excitement to our teams, and it will bring new innovation enablement for Cisco customers.

Cisco’s innovations will help us continue to help our customers build a more resilient, intelligent, and secure digital environment.

“We’re thrilled to share incredible innovation and new AI-powered capabilities for our customers this week at Cisco Live… Cisco is uniquely positioned to revolutionize the way infrastructure and data connect and protect organizations of all sizes, and we are confident we are the right strategic partner for our customers in this era of AI.”

Chuck Robbins |Chair and CEO | Cisco.

For Cisco, it represents a step forward in leading the industry towards an inclusive AI-powered future. And for partners like Cisilion, it’s an opportunity to leverage these advancements to deliver cutting-edge solutions to our clients.

It’s not over yet.

Stay tuned for more updates from Cisco Live 2024, as we continue to explore the possibilities of AI and its impact on the world of technology.

Read more at Cisco

What are you most excited about from Cisco Live, and what were you hoping they would announce that they didn’t?

Forrester: Microsoft Leading the Charge in XDR Innovation

This blog post captures Microsoft’s latest achievements, innovations and recognition in cybersecurity, as reported by Forrester in their recent Wave report on Extended Detection and Response (XDR) platforms. Here I have focused on the latest developments and Microsoft’s move to leading in this report.

In the ever-evolving landscape of cybersecurity, organisations face the challenge of defending against increasingly sophisticated cyberattacks. Based on the analysis performed by Forrester in their 2024 Wave report, Microsoft has yet again risen to the occasion, being placed as the furthest-out leader in The Forrester Wave: Extended Detection and Response (XDR) Platforms, Q2 2024, pushing them ahead of both Palo Alto and CrowdStrike in this recent report. They have been leaders in this space for over 4 years, but this year pulled further ahead than ever before.

In the last year, 75% of security professionals witnessed an increase in attacks with 85% attributing this rise to bad actors using generative AI

Report By Security Magazine 2023


The Forrester report details how, to protect against constant and ever more sophisticated AI-powered “intelligent attacks”, a unified approach to cybersecurity is needed rather than the traditional add-on, multi-vendor approach. Forrester comment on how Microsoft Defender XDR stands out with its unified visibility, investigation, and response capabilities. It integrates seamlessly across endpoints, IoT, OT, identities, email, collaboration tools, SaaS apps, cloud workloads, and data insights, providing end-to-end protection.

Generative AI is the Game-Changer

Forrester say that the introduction of Microsoft Copilot for Security marks a significant milestone in Microsoft’s approach to XDR. This generative AI solution simplifies incident remediation, reverse engineers malware code, and empowers analysts with natural language processing to generate Kusto Query Language (KQL) queries.

Microsoft’s latest AI and threat hunting services have led to the development of the automatic attack disruption features in Defender XDR. This technology can detect and disrupt ransomware and other advanced attacks within minutes, showcasing the power of AI in cybersecurity. The services work seamlessly together across Microsoft’s wider Azure and Microsoft 365 security portfolio, making this a real multi-layered protect, detect and respond approach rather than multiple products stacked on top of each other.

The Future of Cyber Defense

Microsoft’s recognition by Forrester underscores its dedication to innovation and excellence in cybersecurity. As cyber threats continue to evolve, Microsoft’s XDR and unified security operations platforms will remain essential tools in the arsenal of cybersecurity professionals.

In Microsoft’s own blog post on the matter they state that “We believe Forrester’s recognition showcases that Microsoft Defender XDR is the broadest native XDR solution on the market and that our most recent additions of Microsoft Defender for Cloud data and Microsoft Purview Insider Risk Management data are critical to give the SOC access to end-to-end data. Its incident-level visibility, automatic attack disruption of advanced attacks, and accelerated detection and response now work across endpoints, Internet of Things (IoT), operational technology (OT), on-premises and cloud identities, email and collaboration tools, software as a service (SaaS) apps, cloud workloads, and data insights.”

“Microsoft is refining the most complete XDR offering in the market today, their dedication to innovation is demonstrated by its percentage of the R&D budget by revenue, which rivals the most innovative vendors in security.”

Forrester Wave Report: Q2 2024

Summary

Great to see Microsoft continue to innovate in this area, after Satya Nadella stated that they are “prioritising security above all else” in a recent report.

The recent report from Forrester does not, of course, mean that the other vendors in this report are no good. Familiar vendors such as Palo Alto and CrowdStrike continue to innovate in this space, and the others are working hard to move up the quadrant.

Others to mention are Cisco, who have moved into the Challengers quadrant this year following huge investments in their Cisco Secure Cloud platform and their continued investment to bolster their security portfolio.

It is worth noting that XDR is just one of the security pillars reported on by Forrester and other leading analysts like Gartner.

Interview: Mark Brown – VP Solutions Engineering at Splunk

This week, I had the pleasure of running a Fireside Chat with Mark Brown, who leads the engineering team at Splunk. The chat was streamed live on LinkedIn and YouTube as part of Cisilion’s monthly technology chat show, which has been running for more than three years.

This month, we took to the virtual stage to discuss the acquisition of Splunk by Cisco, the history and innovation that Splunk brings across security and data analytics and observability, and some of the huge success stories and customers of Splunk since the company’s founding in 2003.

Cisilion and Splunk – May Fireside Chat

In this month’s show, we delved into Splunk’s history and capabilities, its evolution over the last 20 years, and its role as a data analytics platform. We talked about Splunk’s diverse customer base, including huge “high street” brands like Siemens and Gatwick Airport, where we discussed how Splunk’s data analytics is helping to enhance operational efficiency and security at the airport and how by processing local traffic and weather data along with real time people traffic in the airport, they help to ensure that LGW meet their people flow SLAs of getting people from check-in and through security.

Finally, we talked about why Cisco have acquired Splunk, the market opportunity it creates, and how partners like Cisilion will be able to leverage this acquisition within the Cisco portfolio over time. Mark talks about this being a strategic move to integrate Splunk’s data analytics with Cisco’s network and security solutions, offering a comprehensive approach to observability and security and giving them a real competitive edge, whilst increasing their market share and making the solutions simpler for their customers.

Using the power of AI, I have used Microsoft Copilot to break down the key sections of the video and help you navigate to the areas you think might be useful to you.

(I have a video on how to do this which you can access here.)

Cisilion and Splunk Fireside Chat – Key Conversations

  • [00:01:18] Introduction of Mark Brown from Splunk
    • Leads the UK solution engineering team
    • Discusses Splunk’s recent acquisition by Cisco
    • Highlights the value Splunk brings to businesses
  • [00:03:00] Explanation of what Splunk is
    • Describes Splunk as a platform for searching logs in data centers
    • Evolved into a leader in security and observability
    • Known as the “Google for the data center”
  • [00:18:09] Cisco’s acquisition of Splunk
    • Seen as a natural fit with little overlap in technology offerings
    • Expected to enhance both Cisco’s and Splunk’s product portfolios
    • Acquisition aligns with Cisco’s strategy to expand software offerings
  • [00:08:14] Reference customers of Splunk
    • Splunk’s reference customers span 110 countries and include major brands across various industries
    • Talking through examples including Siemens, Singapore Airlines, and Gatwick Airport
    • Talking about wider use cases that demonstrate Splunk’s adaptability and impact
  • [00:14:22] Splunk’s competition in the market
    • How and where Splunk competes with and partners with various tech companies such as Datadog and New Relic
    • How Microsoft Sentinel has also become a leader in the SIEM space in just two years, and how Microsoft and Splunk are working together to deliver Splunk solutions to customers in Azure.
    • How Splunk has been a leader for more than 10 years.
  • [00:17:46] Cisilion’s perspective on the acquisition
    • How Cisilion are excited about the integration and potential for new market opportunities and the alignment between Cisco and Microsoft, Cisilion’s two strategic partners.
    • How we see the acquisition as a way to complete the technology journey for clients, bringing together multiple technologies and creating a single pane of glass for security logs and observability.
    • Our forward-looking view on the game-changing advancements in observability and security this acquisition could bring to Cisco.
  • [00:25:23] The chat continues around use cases, market trends and the future of security and observability

I welcome your views on the video and the discussion, as always.

Microsoft and Splunk Lead in Gartner 2024 MQ for SIEM

The digital security landscape is constantly challenged by sophisticated threats, making the role of Security Information and Event Management (SIEM) systems more critical than ever. In the 2024 Gartner® Magic Quadrant™ for SIEM, Microsoft and Splunk have been recognised as leaders, demonstrating excellence in vision and execution in the SIEM space.

Gartner said in their 2024 report that “The SIEM market grew from $5.03 billion in 2022 to $5.7 billion in 2023 (see Market Share: All Software Markets, Worldwide, 2023), a 13% annual growth rate compared to a 22% increase the previous year. The primary drivers of a SIEM purchase are threat detection, response, exposure management and compliance. Buyers are seeking a SIEM ecosystem with broad and deep capabilities to satisfy multiple security and business use cases with capabilities to support a diverse environment.”

Image (c) Gartner 2024

The Significance of SIEM in Cybersecurity

SIEM technology is essential for organisations to effectively manage security events and information. It provides real-time visibility across an organisation’s (multi-vendor) information security systems, providing single-pane-of-glass event log management, compliance reporting, and incident response capabilities. The ability to swiftly detect, analyse, and respond to security incidents is what makes SIEM a cornerstone of enterprise security strategies.

Friends and Foes?

In 2023, Splunk and Microsoft agreed to partner to build Splunk’s enterprise security and observability offerings on Microsoft Azure. This means that Splunk solutions are now available for purchase on the Microsoft Azure Marketplace as well as the AWS Marketplace. This is great for both parties and for Microsoft partners who sell and deploy Azure services to their clients.

Microsoft’s Leadership with Sentinel

Microsoft has been acknowledged as a leader in the Gartner Magic Quadrant for SIEM for its comprehensive, cloud-native solution, Microsoft Sentinel. According to Gartner, Microsoft Sentinel stands out with its unified security operations platform, blending SIEM, XDR, AI, threat intelligence, and extended posture management into a single experience. This platform is powered by generative AI, offering end-to-end protection and consolidating various security operations tools into a coherent experience.

Strengths:

Best Fit for Sentinel:

Gartner cite Microsoft Sentinel as the best fit for organisations that require or demand a cloud-native SIEM solution with advanced AI capabilities and integration with other Microsoft security products. Sentinel works with a huge number of external cloud and on-premises data connectors (including Splunk).

Splunk’s Data-Centric Excellence in SIEM

Splunk remains a joint leader in the SIEM market, praised as always for its data-centric security analytics solution. The Enterprise Security application from Splunk is available both on-premises and as SaaS. Splunk provides pricing flexibility, which can be based on daily data ingestion or on cloud workloads, referred to as Splunk Virtual Compute. Splunk primarily serves large enterprise organisations in North America.

Splunk have said they are launching a new AI Assistant for Security, which will be integrated with Enterprise Security to enhance detection and response functions. Cisco finalised the acquisition of Splunk on March 18, 2024, and we expect to see integration and cross-pollination of their combined portfolio at some point in 2025.

Gartner point out that Splunk currently has a significantly higher-than-average cost compared to other vendors in their report, is more complex to deploy and configure (measured in professional services days) and currently has low numbers of sales support staff outside the US, though with Cisco’s acquisition of Splunk this is likely to change over the next 18-24 months.

Strengths:

  • Overall observability: The Splunk platform can integrate security, IT, application and other data sources. This, coupled with its federated search and analytics capabilities across third-party data stores, is a strength for clients seeking to build highly enriched queries and alerts.
  • Extensive integration: Splunk’s integration of SOAR enhances a wide range of common SIEM use cases. Clients wanting quick time to production automation for common SIEM operational functions will find Splunk’s library of playbooks a strength.
  • User interface: Splunk’s UI and dashboard provide significant customisation. Clients requiring custom animations and visualisation for specialised monitoring, such as OT or financial systems, will find the UI editor an overall strength.

Best Fit

Splunk is particularly suited for very large organisations that value a data-driven approach to security and need powerful analytics to manage complex security environments. Microsoft is actually one of Splunk’s largest customers.

Conclusion

Microsoft and Splunk continue to lead the SIEM market with their innovative solutions. Sentinel offers a world-class, cloud-native, AI-enriched platform that simplifies operations and accelerates threat resolution.

Splunk provides a robust, data-centric approach to security analytics, enabling organizations to respond to threats with speed and precision and is ideally suited for the largest of enterprises as well as those who remain mainly on-prem and less “all in with cloud”. Splunk also has a strategic alignment and integration with Microsoft Sentinel.

As a leading UK Microsoft and Cisco partner, we are excited to be working with both Cisco and Splunk (Cisco) in this space, with the ability to guide and consult around customer-hosted, Azure-hosted and cloud-native SIEM solutions. We also love the fact that we can now meet customers on their own ground, with the ability to deploy Splunk on Azure via the marketplace for our clients.


Cisco Hyper Shield: Data Centre security redefined.

Cisco has introduced a new product called Hypershield, which they claim is one of the most significant security products in Cisco’s history. It is expected to be generally available starting from July 2024.

What is Hyper Shield?

Hypershield is a cloud-native, AI-powered system designed to enhance the security of AI-scale data centres. Unlike traditional security products, Hypershield is integrated directly into the network’s fabric, offering a revolutionary approach to protecting digital infrastructure services in data centres: protecting applications, devices, and data across public and private data centres, clouds, and physical locations.

This is the Most Consequential security announcement In Cisco’s 40-Year History

Cisco.

The holistic system promises to bring the security advantages of a hyperscale model to enterprises, allowing security to be embedded in every software component of every application running on the network, on every server, and in both public and private cloud deployments.

How Hyper Shield is different.

Hypershield is different to traditional security “bolt-ons” because it is not just a new security product or the next version of something that already exists. What makes it different and unique is that Hypershield represents a brand-new security architecture model built from the ground up. It uses an open-source technology called eBPF that hyperscalers use to automate patching and other time-consuming jobs. It has the ability to transform every network port into a high-performance security enforcement point, and works by blocking application exploits in minutes while preventing lateral movement of attacks.

Innovation from within

I think Hypershield is exciting because it represents a significant shift in how security is approached within the data centre fabric.

“Why we think this is the most consequential is we’re taking what used to be a firewall, an appliance, and we’re like melting into the network. It’s not a separate thing that you add on. It’s like magic. It writes its own rules, it tests its own rules, it qualifies its own rules, deploys its own rules, and then overnight it upgrades itself”

Tom Gillis | VP Security | Cisco

It is built with technology originally developed for hyperscale public clouds, and Cisco are making this technology available for enterprise IT teams of all sizes, regardless of how big their data centre footprint is. It works by enabling security enforcement to be placed everywhere it needs to be, at the application and data layer, which is a major shift in how traditional data centre security works. Cisco say it is expected to have a significant impact on how businesses protect their digital assets.

With this innovation … we have actually been able to deliver something that’s unlike anything we’ve done in the last 40 years at Cisco. And I will say that we’re just getting started.

Jeetu Patel | Cisco’s EVP

Rather than relying on traditional network- and application-level firewalls in the data centre, Hypershield works by essentially providing security boundaries around every application and service. It uses artificial intelligence to learn and adapt, so it gets better at detecting attack attempts and distinguishing them from normal activity.

I look forward to learning more about this.


Read more from Cisco

Cisco Hypershield: Security reimagined.
Cisco Reimagines Security for Data Centers & Clouds in Era of AI.

CRN Report:

Cisco and Splunk – For Security and Observability.

With the $28B acquisition now complete between Cisco and Splunk, both vendors will soon be in heavy marketing mode as they position their new combined offerings (under Cisco) to “unify the full power of network and endpoint data with leading Security and Observability solutions, all underpinned by our highly scalable, AI-powered data platform”.

The combination of Cisco and Splunk will provide truly comprehensive visibility and insights across an organization’s entire digital footprint, delivering an unprecedented level of resilience through the most extensive and powerful security and observability product portfolio on the market.

Gary Steele | VP Splunk.

So what does that mean?

Unification and Choice

According to the new Splunk website and publicly facing collateral, the combining of forces is destined to offer the following value and connected experiences to their combined customer base.

  • Power the SOC of the Future, by
    • improving the efficacy, efficiency, and economics of defending organisations and service providers against modern security threats, offering what they claim will be the “most comprehensive security solutions for threat prevention, detection, investigation and response.”
    • Continuing to deliver Splunk’s existing security and monitoring platforms, while adding Splunk technology to Cisco’s existing portfolio with enhanced network, endpoint and cloud data for “unparalleled insights and faster remediation”.
    • Enhancing Cisco’s security offerings across the board to help organisations secure users, protect infrastructure, and improve prevention, detection and remediation with Cisco’s User Protection, Breach Protection, and Cloud Protection suites, which are fed from Cisco’s Talos data intelligence platform.
  • Enrich Observability across all and any environment by:
    • Offering a comprehensive full-stack observability solution, enhancing customers’ ability to deliver seamless digital experiences and prevent downtime across any environment, combining Cisco ThousandEyes and AppDynamics with Splunk’s portfolio of products.
    • Continuing to offer choice to customers, by offering unified solutions as well as the individual Cisco and Splunk products, whilst providing unified management and insights.
    • Creating a world-leading observability platform through the integration of the best of Cisco and Splunk technology, leading to a holistic ability to detect and remediate incidents and empowering IT teams to focus on enablement, security and digital transformation rather than troubleshooting performance issues.

What about AI?

Yes… Cisco and Splunk also talk a lot about AI empowerment and execution. After all, AI workloads are intense, drive traffic into different places and have a profound impact on how people use and access data and applications.

Aimed more at organisations that build and operate on their own data rather than consume SaaS: the fuel of AI, and its ability to provide information and serve requests, is reliant on fast and secure access to models trained on huge volumes of data.

Cisco believe that their combined forces will bring an unmatched breadth of data, allowing organisations to build, scale and tune highly scalable data platforms while ensuring performance and security at scale.

The competition?

The race to empower and secure both traditional and AI-powered workloads continues apace. Cisco have a great history of building arguably the best networking technologies in the world, have one of the best SaaS performance monitoring platforms and now, with the added arsenal of products from Splunk, are in a great position to win over customers, partners and MSPs with a unified offering.

Cisco have struggled to win hearts and minds with security for years, but this combining of forces gives them an ace card to play. Whether they will get this right (from a hearts and minds, price and integration perspective) is yet to be seen, but Cisco have a great track record of integrating technologies from vendors they acquire.

More information

More information around the combined entity of Cisco and Splunk is coming in fast, and late last week Cisco ran a customer and partner briefing which is now available on demand here.


Microsoft’s Copilot for Security available April 1st

No, it’s not an April Fools’ joke: Microsoft yesterday (13th March 2024) announced that their much-anticipated Copilot for Security will be available to buy and use from 1st April 2024.

What Does Copilot for Security Do?

Originally announced a year ago, and after extensive testing in private preview, Copilot for Security is aimed at IT security and SecOps teams: it brings Microsoft’s Copilot technology, Microsoft’s threat intelligence services and machine learning into a dedicated security service powered by Copilot. Copilot for Security can process prompts and respond in eight languages, with over 25 languages supported at launch.

For organisations that already invest in and consume Microsoft security services such as Sentinel, Defender, Entra, Priva, Intune, and Purview, this is an exciting time!

Image (c) Microsoft Security.

Copilot for Security is informed by large-scale data and threat intelligence, including Microsoft’s daily processing of more than 78 trillion security signals, a giant increase from the 65 trillion signals stated just last year. This is the largest threat intelligence database in the world. Microsoft do not use any organisational data to train their LLMs.

One huge advantage of Copilot’s conversational abilities is its capacity to rapidly compose incident reports. It can also tailor these reports to be more or less technical based on the intended employee audience, say Microsoft.

Copilot for Security offers a huge variety of capabilities, including:

  • Human-readable explanations of vulnerabilities, threats, and alerts across all of Microsoft’s security products and services, as well as (later) third-party tooling.
  • Answering questions about alerts, threats and incidents in real time and taking action.
  • Automatically summarising incident analysis and offering recommendations for subsequent actions based on the tools the organisation is licensed for and/or has deployed.
  • The ability for users to edit the prompt to correct or adjust responses, share the findings with others, create extensive runbooks based on prompts, and share prompts with other analysts in the team.

After nearly a year of various preview stages and rigorous testing by both Microsoft security experts and enterprise organisations, Microsoft say the feedback has been “overwhelmingly positive.” A recent AI economic study by Microsoft demonstrated that security professionals work 22% faster and are 7% more accurate when utilising Copilot for Security. An impressive 86% of participants reported that Security Copilot enhanced the quality of their work, and >90% expressed a desire to use Security Copilot for future tasks. The report further indicates that security novices, possessing basic IT skills, performed significantly better with Security Copilot compared to members of a control group. Moreover, their superiors expressed greater confidence in their output.

Copilot for Security in Action

A year in readiness.

In the announcement, Microsoft cited statements from Forrester VP Jeff Pollard, who said that “Experienced practitioners will reap the most rewards from the capabilities Microsoft offers, and while it’s unlikely to identify threats SOC [security operation center] teams would miss, it does make investigation and response faster”.

Just like Copilot for Microsoft 365 – Adoption and Training is Key

Just like any major technology change such as Copilot for Microsoft 365, adoption, training and practice are going to be vital to get maximum value and trust from Copilot for Security. Security teams will need a fair amount of change management and training to ensure they can take advantage of Microsoft Copilot for Security. Forrester cited in the report that “it takes around 40 hours of training to get security practitioners comfortable with using Copilot for Security. In addition, we heard that it takes four or more weeks — with many stops and starts — to get practitioners comfortable with the technology.”

With a global shortage of cyber security skills, an exponential growth in attacks and attack surfaces and the rise of AI at cyber criminals’ fingertips, Copilot for Security has been one of the most anticipated uses for Copilot. There is no doubt that Copilot for Security can lower the barrier to entry into the cybersecurity industry, though Forrester also said that “Though large language models and generative AI may level the playing field and allow for accelerated security talent development, no amount of out-of-the-box prompt books and guided response steps replace fundamental security knowledge, skills, and experience.”

The Pros of Microsoft Copilot for Security

Feedback from Microsoft’s early-access clients highlighted what they loved about Copilot for Security, including the following:

  • Making script analysis easier by de-obfuscating and explaining contents.
  • Accelerating threat hunting by helping write queries based on adversary methods.
  • Speeding up and simplifying complex KQL queries or PowerShell script creation.
  • Analysing phishing submissions by verifying true positives and providing inbox details.
  • Improving analyst experience by reducing the need to swap between various tools.
  • Generating leadership / executive-ready incident report summaries efficiently.

Things to be aware of at launch

There are several key areas which won’t be available at initial launch, but expect to see rapid release cycles and updates once GA. Currently the following is not available but will be added over time.

  • Single data repositories: Copilot currently requires multiple instances for users/organisations that want to silo data between different business units, group companies or geo-locations. These will eventually be rolled into a single instance/interface, but today this will cause challenges for large MSPs and global/complex organisations.
  • Third-party tools: At launch, Copilot for Security will not provide integration into third-party tools, so organisations will need to be using Microsoft’s first-party security tools like Defender for Identity and Defender for Endpoint. This is on the roadmap.
  • Limited integration and automation: Much of the work Copilot for Security does on day one is around reporting and alerting across multiple signal sources and behaviour. Whilst it can execute runbooks, some services like auto-quarantine and network isolation will not be available at launch.

New Features at Launch

In the announcement, Vasu Jakkal, corporate VP of compliance, identity, management, and privacy at Microsoft, said that as part of the launch the following new features will be available in Copilot for Security:

  • Custom promptbooks: allowing security teams to create and save their own natural language prompts for common security workstreams and tasks, similar to the notebook feature in Copilot for Microsoft 365.
  • Knowledge integrations: which will enable the connecting of Copilot for Security to customers’ logic and workflow and the ability to perform activities based on company-defined step-by-step guides.
  • Integration with customers’ curated external attack surface from Microsoft Defender External Attack Surface Management to identify and analyse the most up-to-date information.
  • Summarisation in natural language of additional insights from Microsoft Entra audit logs and diagnostic logs for a security investigation or IT issue analysis related to a specific user or event.
  • New fully customisable usage dashboards to provide reporting on how teams interact with Copilot.

Which Organisations benefit most?

For organisations that already invest in and consume Microsoft security services such as Sentinel, Defender, Entra, Priva, Intune, and Purview, Copilot for Security will likely be a tool that provides an indispensable enhancement, one that will not only reduce workload and increase productivity but significantly help security teams to work better together and detect and respond faster than ever.

Organisations that are not fully invested in Microsoft’s extensive security portfolio and choose to use other vendors will still benefit, but until wider third-party support is available, running trials and evaluating the potential move to more Microsoft security technologies is a smarter move. There will be increased funding pots and incentives to entice organisations to move to Microsoft Security.

Almost every security vendor is adding generative AI into their products and services, but today no other organisation has built what Microsoft have (though this will likely change).

Pricing from $4 per hour

Yes, ok I saved this for the end.

Pricing will be offered through a consumption-based model, allowing customers to pay according to their usage needs. Usage will be categorised into Security Compute Units (SCUs). Customers will be billed for the number of SCUs provisioned on an hourly basis at a rate of $4 per hour, with a minimum usage requirement of one hour. Microsoft say this is an opportunity for any organisation to begin exploring Security Copilot and expand their usage as necessary.

This lowers the entry point to the solution without a big initial licence outlay and should simplify the pilot, onboarding and rollout process. The PAYG model is also something organisations are used to, making it more accessible and straightforward and avoiding the complexity of traditional stackable licensing schemes.

Microsoft CSP partners like Cisilion will be key in helping customers to manage their spend, working with the SecOps team to tweak and fine-tune the solution to help map, manage and plan spend.

Cisco announces “AI Assistant for Security”

Last month, and now just a few weeks away from Cisco Live, Cisco announced they are bringing a new “AI Assistant for Security” to market this year. This is an artificial intelligence tool that combines generative AI technologies with an “unparalleled scope of data”, giving IT/SecOps teams the ability to generate more secure, AI-driven insights that span devices, applications, security, networks, and the internet.

“AI Assistant for Security will help provide better protection to our customers by simplifying management for both seasoned administrators and novice users. Our aim is to inject generative AI and unify telemetry across all Cisco Security solutions to create a more effective experience and safeguard our customers”

Brian Feeney | VP Global security partner sales | Cisco

Cisco AI Assistant for Security marks a major step in making artificial intelligence pervasive in the Cisco Security Cloud. Starting with the Cisco Secure Firewall Management Center, cybersecurity professionals will be able to leverage the Cisco AI Assistant for streamlining and automating firewall management both on premises and in the cloud.

Firewalls first – more later

Cisco have said that they will launch the AI Assistant for firewall as soon as spring 2024, representing a great opportunity for their partners and customers to start leveraging the advantages of AI.

Cisco say this will be included and integrated into their cloud-delivered Firewall Management Center at no additional charge. Longer term, Cisco said they plan to extend it to their other firewall management tools.

Why? Well, according to Gartner, configuration complexity and inconsistent rules are among the highest causes of security risks and breaches when it comes to configuring networks and firewalls, with misconfiguration being the cause of ninety-nine percent (99%) of all firewall breaches.

Image (c) Cisco

The AI Assistant for Security is built on “Cisco’s foundation of security, data protection, and privacy, guided by Cisco’s responsible AI principles and framework”. The assistant is trained on Cisco’s huge security-focused datasets (Talos), which analyse more than 550 billion security events daily, and helps IT and SecOps teams in making informed decisions, enhancing their tooling and reporting capabilities, and automating intricate tasks.

“Cisco is harnessing AI to reframe how organisations think about cybersecurity outcomes and tip the scales in favor of defenders. Cisco combines AI with its breadth of telemetry across the network, private and public cloud infrastructure, applications, internet, email, and endpoints. “

Jeetu Patel | VP security and collaboration | Cisco

Cisco say that their Cisco AI Assistant for Security is a major step forward in making artificial intelligence relevant and pervasive in the Cisco Security Cloud – their unified, AI-driven, cross-domain security platform. Cisco Secure Firewall Management Center will be the first platform to leverage the AI Assistant for Security to simplify firewall management.

This should make it much easier to manage and maintain firewall rules and policies, by enabling administrators to “talk to and administer” the platform with natural language to find policies, understand rules, spot anomalies and even get suggestions for new rules.

How is AI Assistant for Security different to Microsoft Security Copilot?

Scope

Cisco AI Assistant for Security and Microsoft Security Copilot are both artificial intelligence tools designed to help IT and SecOps teams work more efficiently, smarter and safer, but the platforms and services differ in several ways.

Cisco’s AI assistant is designed to work (initially) across their firewall services, with other services that make up the Cisco Secure Cloud portfolio coming later, whereas Microsoft Security Copilot is designed to assist cybersecurity professionals in investigating critical incidents across their entire security portfolio, including Microsoft 365, their XDR platform, Azure and Sentinel. Microsoft Security Copilot doesn’t work across physical security devices like firewalls, so the two services are potentially good complementary services.

Microsoft has combined the power of OpenAI’s large language model with Microsoft’s own threat analysis footprint, which is informed by more than 100 different data sources across Microsoft 365, Azure and hundreds of third-party data analysis companies. It uses the combined intelligence of more than 65 trillion threat signals every day to provide company- and sector-specific insights, alerts and guidance.

Use Cases

Currently, AI Assistant for Security is designed to help organisations better configure their security services (starting with firewalls) and detect inconsistencies (for example across different sites, services or offices). This will expand over time, however, and we expect more to be announced in February 2024 at Cisco Live in Amsterdam.

Use cases for Microsoft Security Copilot include, for example, the ability for admins to use natural language prompts to ask Copilot to create an exec-level report on the incident response for a particular ongoing investigation. Copilot will pull data across multiple sources based on the set of interrelated and connected tools and services. A further change of prompt could, for example, see Copilot provide more information, change how it displays or summarises the report, or even create lessons-learned documents or suggest changes in process.

Cost

According to Cisco, the AI assistant for Security will be generally available for firewall customers in the spring of 2024 at no additional cost via the cloud-delivered Firewall Management Center (FMC) and expanding to other management tools in the future.

Microsoft Security Copilot, however, which is currently in paid public preview, is expected to cost >$100k when it’s officially available later this year.

A better together story?

As you can see, Cisco’s and Microsoft’s offerings in this space are quite different. While Cisco see their AI Assistant for Security as a way of differentiating their brand in the cyber security space and leaping ahead of the competition in this traditional security space (think Palo, HPE, Dell, Checkpoint etc), Microsoft Security Copilot is more geared towards collating security signals from the organisation’s configuration and reports, from Microsoft’s own threat intelligence of 65 trillion signals, and from third party connected signals, to provide almost an AI powered cyber security team.

I very much see this as a “use both” better together theme.

Closing Thoughts

According to Gartner, configuration complexity and inconsistent rules are among the leading causes of security risks and breaches when it comes to configuring networks and firewalls, with misconfiguration being the cause of ninety-nine percent (99%) of all firewall breaches.

As such, launching this with a “firewall first” approach is a sensible move by Cisco, adding more value to their offering by embedding generative AI into their core security product base without adding a surcharge or making it “Premium”. It should help to further position Cisco as a Leader in the security space against the fierce competition. I look forward to this being available and for Cisco to increase its reach over time to the rest of their portfolio.


Read more

You can learn more about Microsoft Security Copilot and Cisco’s AI assistant at the links below.

Cisco Announcement and Blog: Help Firewall Admins With Cisco AI Assistant for Security

Cisco AI Assistant: Cisco AI Assistant – Cisco

Microsoft Security Copilot: https://www.microsoft.com/en-us/security/business/ai-machine-learning/microsoft-security-copilot



Could HPE’s acquisition of Juniper disrupt the networking market?

It’s official – HPE have confirmed they are acquiring Juniper Networks for around $14 billion in an “all-cash” deal. According to Reuters, this price represents a premium of just over 32% over Juniper’s closing stock price on the day the deal was announced.

Since HPE (Hewlett Packard Enterprise) broke away from HP in 2015, they have been on an acquisition spree and have made a number of strategic purchases, including Nimble Storage, SGI, Cray and SimpliVity. The acquisition of Juniper will be HPE’s largest acquisition to date. The deal is expected to close later this year or early 2025.

Under the acquisition, Juniper CEO Rami Rahim will lead the combined HPE networking business, reporting to Antonio Neri, CEO of HPE.

Why have HPE bought Juniper?

The acquisition will add a huge arsenal to HPE’s already impressive networking business and according to HPE will “create a new networking leader with a comprehensive portfolio”.

In the announcement, HPE CEO Antonio Neri said: “HPE’s acquisition of Juniper represents an important inflection point in the industry and will change the dynamics in the networking market and provide customers and partners with a new alternative that meets their toughest demands.”

HPE claims that this deal will enhance their role at the intersection of fast-growing AI trends, increase their market potential, and foster more innovation for their customers as they assist in connecting the AI-native and cloud-native domains. They also claim that it will create substantial value for their shareholders.

Combining HPE and Juniper’s complementary portfolios supercharges HPE’s edge-to-cloud strategy with an ability to lead in an AI-native environment based on a foundational cloud-native architecture

Antonio Neri | CEO | HPE

This acquisition of Juniper will position HPE as a strong end-to-end contender in the enterprise and mid-market networking space, a space which is dominated by the likes of Cisco, Arista and Dell.

The coming together of HPE and Juniper will essentially create a networking company that can compete in the growing era of “AI everywhere”. This will give HPE two main vantage points from which to compete against network giants like Cisco, Arista and Dell.

  • HPE should have more capability, products and reach to target the data center network infrastructure business with a focus on AI workloads, leveraging Juniper’s expertise and track record in data center and cloud networking whilst also expanding HPE’s edge-to-cloud portfolio offering.
  • HPE will also gain the ability to leverage Juniper’s investment and maturity in AI powered network management to strengthen and innovate the overall HPE portfolio.

HPE has emphasised this aspect of the deal in their press statement, seeing this as a huge opportunity to leverage the “explosion of AI and hybrid cloud-driven business” and meet the increasing demand for technologies that are needed to connect, protect, and analyse vast amounts of data from the edge to the cloud.

How will this impact the competition?

How this impacts the other networking giants remains to be seen. How HPE fares in this expanded market, and where Aruba fits within it, will be of great interest, as Aruba has traditionally been seen as entry level and far from enterprise class. However, HPE have the chance to change all this and reset expectations by taking advantage of Juniper’s Mist and Junos platforms – perhaps breathing new life into Aruba and creating a wider, more extensive portfolio of products that scale to any market, office and budget, but time will tell. This, along with the wider HPE and Juniper portfolio, could create a comprehensive and consistent offering across every market segment.

From an SD-WAN perspective, it’s also worth noting that HPE own Silver Peak and Juniper is not a market leader in that space. When we look at the wider security portfolio, it will also be interesting to see where HPE will focus their efforts. Integration of Aruba ClearPass with Juniper’s Mist could be intriguing, and could even put them in the position to create a competitive solution to Cisco’s full Software-Defined Access (SDA). Time will tell.

As the world continues to prepare for, adopt and invest in the new emerging technologies of AI, this new technology battlefield will not just be aimed at the enterprise networking market. This acquisition will put new competition across all market verticals and all segments, including mid market, enterprise, service provider and cloud. How this is taken by customers also remains to be seen. Some I have spoken to think that this may make existing Juniper customers re-evaluate their options and look at the likes of Cisco, Arista or Dell again, while others think it will only bring growth to HPE.

One thing is for sure – there will be increased competition and it will keep the other networking giants on their toes. In these situations this can only be good for the customer, as increased competition or a new offering usually drives innovation from all the players in the space and creates price competition.

What do you think about the acquisition? Feel free to tell me in the comments below.

Who are Juniper?

Juniper is a leading provider of networking products, including routers, switches, network management software, network security products, secure access service edge (SASE) solutions and software-defined networking (SDN) technology. According to their website "Juniper is dedicated to dramatically simplifying network operations and driving superior experiences for end users. Our solutions deliver industry-leading insight, automation, security and AI to drive real business results. We believe that powering connections will bring us closer together while empowering us all to solve the world’s greatest challenges of well-being, sustainability and equality".

Who are HPE?

According to their website, "Hewlett Packard Enterprise is the global edge-to-cloud company that helps organizations accelerate outcomes by unlocking value from all of their data, everywhere. Built on decades of reimagining the future and innovating to advance the way people live and work, HPE delivers unique, open and intelligent technology solutions as a service. With offerings spanning Cloud Services, Compute, High Performance Computing & AI, Intelligent Edge, Software, and Storage, HPE provides a consistent experience across all clouds and edges, helping customers develop new business models, engage in new ways, and increase operational performance".

Today, HPE offers switches via its Aruba Networks business unit, which it acquired back in 2015.


HPE Press Statement:
HPE to acquire Juniper Networks to accelerate AI-driven innovation | HPE

Juniper Press Statement:
HPE to Acquire Juniper Networks to Accelerate AI-Driven Innovation | Juniper Networks Inc.