News & Events

  • BMC Helps IT Operations Accelerate Business Innovation with New Advanced Analytics and Automation

    HOUSTON – June 6, 2019 – BMC, a global leader in IT solutions for the digital enterprise, today announced the latest update to its TrueSight portfolio to help IT teams more easily adopt and extend the value of Artificial Intelligence for IT Operations (AIOps) throughout their organizations – both on-premises and in the cloud.

    “Existing IT operations tools and processes cannot cope with the speed, data volume, and complexity of modern hybrid IT environments,” said Nayaki Nayyar, President, Digital Service and Operations Management at BMC. “We are continually innovating our TrueSight portfolio to help cloud and IT operations teams to predictively monitor, auto-remediate, as well as optimize capacity, cost, and security of business services and applications – all while ensuring high performance levels, reducing risk, and driving cost efficiencies.”

    With BMC’s TrueSight solutions, cloud and IT operations teams can deploy machine learning and advanced analytics along with automation. New capabilities include:

    • Advanced Event Analytics to speed root cause identification by 50%: Identifies patterns and abnormalities of events related to applications, enabling IT operations teams to continually optimize application performance.
    • Business Service Views to proactively manage on-premises and cloud infrastructure usage, cost, and security for a business service: Prevents IT resource shortages that cause application failures or slowdowns and avoids over-provisioning, all while reducing infrastructure-related application failures.
    • Event-Driven Compliance for CloudOps: Automates policy-based governance of security whenever a change is made to reduce risk and integrates to change management workflows for better control and fully documented audit trails.
    • Advanced Orchestration for automated event remediation to reduce MTTR by 50%: Deploys automated event remediation workflows with tight integration between AIOps processes for event triage and orchestration to speed mean-time-to-repair (MTTR) and optimize customer experience.
    • Continuous Cost Optimization to reduce spend by 25%: Uses machine learning and automation to identify and address inefficiencies in IT infrastructure and cloud service usage, helping customers to reduce operational costs, optimize performance, and eliminate wasted spend.
    • New Knowledge Modules: Includes support for Pivotal CloudFoundry, Kubernetes, SAP Hana, and Oracle Enterprise Database. Enables customers to easily consolidate infrastructure and app monitoring of many different technologies from a single console.

    “We use TrueSight to holistically monitor and manage our complex and ever-changing IT environment,” said Doug Greene, Senior Director of Production Operations at Cox Enterprises. “The new advanced analytics available in TrueSight Operations Management, especially the event noise reduction and automation, have the potential not only to make our IT staff more productive and efficient, but also to improve the service we deliver to our customers.”

    “While analytics is not new, it is a rapidly growing segment, and BMC has focused on some key differentiators,” said Roy Illsley, Distinguished Analyst at Ovum. “Firstly, making the capacity planning capabilities an integrated part of the IT operational management tool kit. Secondly, integrating the security and governance capabilities into the solution so that SecOps can now become operational. Finally, extending the breadth of the management into the cost optimization area, which is making IT operations more relevant to line of business customers. BMC has made TrueSight AIOps optimized for the demands of IT departments that must operate in a new digital economy.”

    Cloud and IT operations teams need to move to a predictive and proactive service model in order to respond more quickly, efficiently, and accurately. The TrueSight portfolio’s new capabilities will help customers continue to support business innovation even as digital business requirements and infrastructures become more complex.

  • Data Insights on the BlueKeep Vulnerability

    LUIS GRANGEIA | JUNE 13, 2019

    On May 14th, Microsoft issued a warning about the BlueKeep vulnerability (CVE-2019-0708) affecting Remote Desktop Services Protocol (RDP), a component common in most versions of Microsoft Windows that allows remote access to its graphical interface. This vulnerability, if exploited by an external attacker, will lead to full system compromise, without requiring any form of authentication or user interaction.

    Microsoft has since issued two strongly worded blog posts here and here, warning system owners to patch their systems. In an unusual step, they even provided fixes for operating systems that have long been in “End of Life” unsupported status, namely Windows XP and Windows Server 2003.

    Microsoft has made several links between BlueKeep and the EternalBlue vulnerability used by the WannaCry worm several years ago. The comparison between these two vulnerabilities is pertinent, as both can be exploited without user authentication and require no additional interaction. In other words, both are “wormable” vulnerabilities.

    Our Insight

    Our mission at BitSight involves collecting externally observable signals that help measure a company’s IT security posture and providing information that organizations need to manage and improve their own security performance and address security issues throughout their extended business ecosystem. In some cases there are vulnerabilities that pose significant risks to an organization which can also be observed externally. We believe that the way companies will handle this issue in the next few weeks can provide valuable insight into their cybersecurity posture. Therefore, since May 31st we have been collecting information about the exposure and vulnerability status of systems vulnerable to BlueKeep.

    The Numbers

    There are reports of reliable exploits for this vulnerability privately circulating, including unconfirmed reports of an exploit being available for purchase on the darknet as early as September of 2018. One information security professional, Robert Graham, created a tool to check the presence of the vulnerability on any given system, and subsequently performed a full Internet scan to check for exposed vulnerable systems; he identified over 900,000 systems vulnerable to this issue.

    We incorporated Robert’s tool into our own Internet scanning platform to continuously monitor for vulnerable systems. The following chart provides the global numbers we obtained for affected systems. We confirm the recently published numbers from Robert, which indicate close to one million vulnerable systems exposed to the Internet.

    Systems with RDP exposed externally with Network Level Authentication (NLA) enabled were not vulnerable to the issue prior to the patch being released and remain protected.

    We can also provide the exposure by country. The following chart shows the top 15 countries with the most exposure to this issue, ignoring NLA enabled events.
    [Chart: top countries by BlueKeep exposure]

    Countries have responded differently to patching their systems, as can be seen in the following graph, where we correlate between number of RDP systems exposed without NLA and ratio of patched systems.

    Since countries with very low exposure can have skewed results, we filtered out countries with fewer than 20,000 exposed RDP hosts.
    [Chart: top patching coverage by country]

    Similarly, we can show the exposure to this issue by industry sector, for all companies in our inventory. The chart below shows the ratio of companies that contain at least one vulnerable system, companies that have patched or are protected by an additional layer of authentication (NLA) as well as companies that do not have RDP exposed. We can see that Telecommunications, Education and Technology companies are the most affected. Telecommunications companies usually host end-customer systems that they cannot upgrade themselves, which may explain the higher ratio for this industry sector.
    [Chart: BlueKeep affected countries by industry]


    EternalBlue versus BlueKeep

    Based on the data we collected beginning May 31 and the historical data available from 2017, we can compare the number of exposed systems immediately before each bug was acknowledged and patched by Microsoft.

    Note that EternalBlue was the bug used in the WannaCry worm, let loose on the Internet approximately two months after the Microsoft EternalBlue advisory and patch.

    [Chart: EternalBlue vs BlueKeep]

    In this graph we are comparing potential exposure around the date both bugs were announced, disregarding patching.

    We are estimating potential exposure for EternalBlue by counting the number of SMBv1 hosts exposed on the Internet during April 2017, and for BlueKeep we are counting the number of RDP exposed hosts with NLA disabled during May 2019.

    We can see that the situation is very comparable in terms of exposed systems, with BlueKeep having a larger number of exposed systems at the time of bug announcement and patch release.

    Regarding exploit availability, the situation is slightly different. In the case of the EternalBlue vulnerability, a reliable exploit was leaked almost simultaneously with the release of the patch. With BlueKeep there is no widely available exploit circulating at the time of this writing, but there have been several reports of proof-of-concept exploits being easily created by reverse engineering the patch.

    It will be interesting to understand if the wide availability of a reliable exploit is a differentiating factor regarding the possibility of mass exploitation or a worm being released.

    In any case, the destructive potential is clearly similar to or worse than that of WannaCry, especially if patching is not taken seriously.

    Individual Companies Affected

    BitSight follows responsible disclosure, and we are committed to never publicly naming specific companies affected by these or other vulnerabilities. The information for affected systems is available in our portal for all rated companies. We provide free access for a limited period of time to all rated companies and will always work with any rated entity to improve the accuracy of its rating and the information we base our ratings on, regardless of whether it is a paying customer.

    What Comes Next

    Having vulnerabilities is an inevitability of running a modern business. How companies manage and respond to these vulnerabilities is the distinguishing factor for security resilient businesses. We measure this particular data as part of our Patching Cadence risk vector, in which we negatively impact ratings for companies with vulnerabilities that remain unresolved for a long period of time, and conversely positively impact the rating of companies which quickly respond to these high severity issues.

    We will be monitoring how companies will respond to this issue by continuing to observe the patching response and measuring the time each company takes to mitigate this issue. We will update this post with additional relevant data as the situation unfolds.

    Customers can access our portal to identify companies in their portfolio that are affected by this vulnerability by choosing “CVE-2019-0708” under the “Vulnerability” portfolio filter. Customers can also access individual events by accessing the “Patching Cadence” risk vector under the “Diligence” risk category.

    Companies should also follow these recommendations, originally provided by the National Security Agency:

    In order to increase resilience against this threat while large networks patch and upgrade, there are additional measures that can be taken:

    • Block TCP Port 3389 at your firewalls, especially any perimeter firewalls exposed to the internet. This port is used in RDP protocol and will block attempts to establish a connection.
    • Enable Network Level Authentication. This security improvement requires attackers to have valid credentials to perform remote code authentication.
    • Disable Remote Desktop Services if they are not required. Disabling unused and unneeded services helps reduce exposure to security vulnerabilities overall and is a best practice even without the BlueKeep threat.
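
    One way to check a single Windows host against the three measures above, as an added example that is not part of the original post or the NSA advisory. It is read-only and assumes an elevated PowerShell session on the host; the registry locations are the standard Windows Terminal Services settings, and the firewall check covers only the host firewall, not perimeter devices.

    ```powershell
    # Added example: read-only audit of the local host's RDP exposure settings.
    $ts  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
    $tcp = Join-Path $ts 'WinStations\RDP-Tcp'

    # fDenyTSConnections = 1 means Remote Desktop connections are refused.
    $deny = (Get-ItemProperty -Path $ts -Name fDenyTSConnections).fDenyTSConnections
    # UserAuthentication = 1 means Network Level Authentication is required.
    $nla  = (Get-ItemProperty -Path $tcp -Name UserAuthentication).UserAuthentication
    # The listener port is configurable; 3389 is only the default.
    $port = (Get-ItemProperty -Path $tcp -Name PortNumber).PortNumber

    # Group Policy values, when present, take precedence over the local settings.
    $pol = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'
    $gp  = Get-ItemProperty -Path $pol -ErrorAction SilentlyContinue
    if ($gp -and $null -ne $gp.fDenyTSConnections) { $deny = $gp.fDenyTSConnections }
    if ($gp -and $null -ne $gp.UserAuthentication) { $nla  = $gp.UserAuthentication }

    # Is the Remote Desktop Services service running, and is anything listening?
    $svc = Get-Service -Name TermService
    $listening = [bool](Get-NetTCPConnection -LocalPort $port -State Listen `
        -ErrorAction SilentlyContinue)

    # Enabled inbound allow rules that name the RDP port explicitly
    # (rules written as "Any" or as a port range are not matched here).
    $allow = Get-NetFirewallPortFilter -Protocol TCP |
        Where-Object { $_.LocalPort -contains "$port" } |
        Get-NetFirewallRule |
        Where-Object { $_.Direction -eq 'Inbound' -and
                       $_.Enabled -eq 'True' -and
                       $_.Action -eq 'Allow' }

    [pscustomobject]@{
        RdpConnectionsDenied = ($deny -eq 1)
        NlaRequired          = ($nla -eq 1)
        RdpPort              = $port
        TermServiceStatus    = $svc.Status
        ListeningOnRdpPort   = $listening
        InboundAllowRules    = (@($allow).DisplayName -join '; ')
    }
    ```

    A host that reports `RdpConnectionsDenied = False`, `NlaRequired = False` and a non-empty `InboundAllowRules` matches the exposed, NLA-disabled condition this post counts, and still needs the patch regardless of the other settings.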
  • ServiceNow Receives “Positive” Rating in “Gartner Vendor Rating: ServiceNow”

    Hungry and humble. That’s one of our core values at ServiceNow and frankly, how I’ve always loved to work and learn.  We don’t usually talk about this externally much (humble, right?) but I think it’s part of what makes ServiceNow a great place to work.

    The belief that customer success is our success has been part of our DNA from our early days as an ITSM vendor. It’s still a core belief now that we’re a digital transformation leader providing the platform for our customers to create valued customer, employee and IT experiences with digital workflows. We know this is more than good business practice. Over time, it leads to recognition and new opportunities.  Today, I am pleased to share that our focus on customer success has resulted in a Positive vendor rating by industry analyst firm Gartner.

    Being evaluated in a Gartner Vendor Rating is a humbling moment for us. It’s the first time a third-party industry analyst has issued a report on ServiceNow, which we believe asks this question: Do we have the vision, investments and capabilities it takes to be a strategic partner for digital transformation? (Spoiler alert: the answer is yes!)

    We couldn’t have done this without our customers and partners.  We don’t take that fact for granted.  Digital transformation is a complex and multi-year journey for companies. Recognition as a trusted strategic partner is something we will work hard to earn every day.

    For more about Gartner’s Positive Vendor Rating of ServiceNow, check out the full report here.