NSA awards $2 billion contract to HPE for managed cloud

The U.S. National Security Agency (NSA) awarded a 10-year, $2 billion contract to Hewlett Packard Enterprise (HPE) for high-performance computing (HPC) technology as a service through the HPE GreenLake platform.

The HPE GreenLake platform provides fully managed, secure cloud services on-premises.

HPE said its service includes a combination of HPE Apollo systems and HPE ProLiant servers, which ingest and process high volumes of data, and support deep learning and artificial intelligence capabilities. As part of the HPE GreenLake service, HPE will build and manage the complete solution that will be hosted at a QTS data center, a hosting facility that delivers secure, compliant data center infrastructure and robust connectivity to support scaling of operations.

The new service will go into use starting in 2022.

“Implementing artificial intelligence, machine learning and analytics capabilities on massive sets of data increasingly requires High Performance Computing (HPC) systems” said Justin Hotard, senior vice president and general manager, HPC and Mission Critical Solutions (MCS) at HPE. “Customers are demanding HPC capabilities on their most data-intensive projects combined with easy, simple, and agile management. By using the HPE GreenLake platform, which delivers secure on-premises solutions as a service, the National Security Agency (NSA) is gaining industry-leading HPC solutions to tackle a range of complex data needs, but with a flexible, as a service experience.” 

https://www.hpe.com/us/en/greenlake.html 

Read More

Dell'Oro: Network Security Appliance market growing at 9% clip

Network Security Appliance market revenue grew nine percent year-over-year in 2Q 2018, according to a new report from Dell'Oro Group.

"The Firewall –Enterprise segment again realized robust growth in 2Q 2018, increasing 15 percent year-over-year to record levels," said Casey Quillin, Director at Dell'Oro Group. "Networks now require protection against numerous vulnerabilities, from securing connectivity for multiple users and device types to mitigating the risks of delivering disparate applications in hybrid Cloud environments. New products addressing, especially those with application-aware or next generation functionality, are driving high-end firewall revenue growth," Quillin continued.

Some highlights:

• The top Firewall –Enterprise vendors in ranking order are Cisco, Palo Alto Networks, Fortinet, Check Point, Huawei, and Juniper.
• The Application Delivery Controller market revenue increased four percent year-over-year and unit shipments were up two percent.
• Virtual WAN Optimization market was flat year-over-year for the third consecutive quarter. Revenue growth in virtual appliances could not offset declines in physical appliance sales.
• 
  

Read More

WSJ: Russian hackers stole NSA data in 2015

There was another major cyber breach at the U.S. National Security Agency. According to a report from The Wall Street Journal, an NSA employee accessed classified information using a personal computer at home that was running  Kaspersky's antivirus software. The incident reportedly occurred in 2015 and led to the cyber theft of sophisticated hacking tools used by the NSA's Tailored Access Operations group.

https://www.wsj.com/articles/russian-hackers-stole-nsa-data-on-u-s-cyber-defense-1507222108

Read More

Cisco Confirms EPICBANANAS, EXTRABACON NSA Exploits

Cisco confirmed that its ASA and PIX firewalls were targeted to by exploit code posted online by the "Shadow Brokers" purporting to be stolen infiltration tools of the National Security Agency (NSA).

There were three references to exploits that affect Cisco ASA, Cisco PIX, and Cisco Firewall Services Module: EXTRABACON, EPICBANANA, and JETPLOW.

Specifically, the Cisco Product Security Incident Response Team (PSIRT) has published an event response page (ERP) and the security advisories addressing the vulnerabilities that could be exploited by the code released by the “Shadow Brokers”:

• Cisco ASA SNMP Remote Code Execution Vulnerability
• Cisco ASA CLI Remote Code Execution Vulnerability
• The Cisco ASA SNMP Remote Code Execution vulnerability is a newly found defect, and TALOS and Cisco IPS have both produced signatures to detect this issue.

http://blogs.cisco.com/security/shadow-brokers

Read More

Hortonworks to Acquire Onyara for Apache NiFi Expertise

Hortonworks agreed to acquire Onyara, Inc., the creator of and key contributor to Apache NiFi, a top-level open source project. Financial terms were not disclosed.

Hortonworks,  which offers enterprise Apache Hadoop solutions, said the deal will help its customers to automate and secure data flows and to collect, conduct and curate real-time business insights and actions derived from data in motion. As a result of the acquisition, Hortonworks is introducing Hortonworks DataFlow powered by Apache NiFi which is complementary to its Open Enterprise Hadoop platform, Hortonworks Data Platform (HDP).

Apache NiFi was made available through the NSA Technology Transfer Program in the fall of 2014. Over the past eight years, Onyara’s engineers were the key contributors to the U.S. government software project that evolved into Apache NiFi. In July 2015, NiFi became a Top-Level Project, signifying that its community and technology have been successfully governed under the Apache Software Foundation.

“Hortonworks is focused on doing everything possible to enable our customers to transform their business through data-driven insights and actions,” said Rob Bearden, chief executive officer at Hortonworks. “Onyara’s impressive work on security and simplicity in NiFi, combined with their commitment to open source makes for a perfect addition to our technology team.”

http://nifi.apache.org
http://www.onyara.com/

Read More

NSA Releases Niagarafiles Flow Analysis Tool as Open Source

The National Security Agency announced the public release of a software tool called "Niagarafiles (Nifi)" that automates data flows among multiple computer networks, even when data formats and protocols differ. The code is being released through the Apache Software Foundation.

Nifi, which was developed by the NSA, is used to create situational awareness from flows of information coming from geographically dispersed sites.

NSA said that by releasing this technology as open source code will allow the private sector and others to examine the agency's research up close, and potentially benefit from it through additional enhancements and applications. At the same time, the government can gain from related research advances.

"NSA's innovators work on some of the most challenging national security problems imaginable," said Linda L. Burger, Director of the NSA TTP. "Their research breakthroughs often have broad, commercial applications, too. We use open source releases to move technology from the lab to the marketplace, making state-of-the-art technology more widely available and aiming to accelerate U.S. economic growth."

https://www.nsa.gov/public_info/press_room/2014/nifi_announcement.shtml

Read More

NYT: NSA Hacked Chinese Servers

The National Security Agency penetrated Huawei's corporate network to tap the communications of its executives, gain insights into the workings of its routers/switches and to develop backdoors enabling it to penetrate the networks of its customers, according to reports published over the weekend by The New York Times and Der Spiegel.  The articles cite NSA documents from 2010 disclosed by Edward Snowden on operation "Shotgiant."

http://www.nytimes.com/2014/03/23/world/asia/nsa-breached-chinese-servers-seen-as-spy-peril.html

http://www.spiegel.de/international/

Read More

Internet Companies Call for Reform of Government Surveillance

Seven leading Internet companies issued a joint call to reform current laws and practices covering online surveillance by government agencies and law enforcement in the United States.

In an open letter to President Obama and members of Congress, the companies urge the U.S. to take the lead and "make reforms that ensure that government surveillance efforts are clearly restricted by law, proportionate to the risks, transparent and subject to independent oversight."  

The companies said they believe this reform should be based on five principles:

1. Limiting governments' authority to collect users' information
2. Oversight and accountability
3. Transparency about government demands
4. Respecting the free flow of information
5. Avoiding conflicts among governments.

Signatories are Aol, Apple, Facebook, Google, LinkedIn, Microsoft, Twitter and Yahoo!.

http://reformgovernmentsurveillance.com/

Read More

NYT: N.S.A. Report Outlined Goals for More Power

The New York Times reported on a top secret, 2012 N.S.A. document leaked by Edward Snowden that outlines the agency's ambition to expand its surveillance powers through new access channels, by integrating its technical tools and by leveraging global business trends in data and communications services.

http://www.nytimes.com/2013/11/23/us/politics/nsa-report-outlined-goals-for-more-power.html

Read More