The ITAM Roundup: 11/6/23
Early first impressions of M365 Copilot:
M365 Copilot is out, and Steve Goodman from Practical365 got to see it in action in London at Microsoft Envision. An example for meetings:
What Copilot offers appears to be in-context meeting summarisation; if for example, you are late to a meeting; or you are pulled out of a meeting in progress for five minutes, then you can ask what happened while you were away. Or, if you missed the meeting you can dig into the details; and post-meeting is where the crossover begins.
Palo Alto Networks double dips in $1B of acquisitions:
Last week – Dig Security for ~$400M. This week, Talon Cyber Security for $625M.
Being Proactive with an IT Risk Assessment:
The sheer volume of bug and exploit news lately emphasizes the critical role of IT asset management (ITAM) in cybersecurity, particularly for managing cloud services and compliance with financial regulations. Non-compliance with such regulations can result in severe penalties, both financial and operational. Snow's article gives guidance on how to get started and get the lay of the land.
Make ITSM more dynamic by integrating with GitHub:
Ivanti discusses the advantages of integrating IT Service Management with GitHub to streamline and accelerate deployment processes. The integration enables automatic creation of change records when a developer commits code, and it can link change requests to specific commits for better traceability. This connectivity also facilitates compliance with various standards by maintaining a clear audit trail of changes.
It's time to think about AI governance:
The proliferation of advanced AI in business necessitates comprehensive AI governance, which is segmented into organizational, use case, and model levels, as explained by Andrew Gamino-Cheong of Trustible. Organizational governance sets the ethical framework and prepares for AI regulation compliance, while use case governance ensures AI applications are assessed for risk and comply with legal standards. Model governance focuses on the technical evaluation of AI systems, ensuring they are fair, accurate, and secure. As AI becomes integral to business, these governance layers are critical for managing risks and maintaining ethical standards in AI deployment.
Okta hit by another data breach:
Okta just can't catch a break lately. This latest issue stems from a third-party vendor (Rightway Healthcare). While the Okta application itself was not compromised, it does raise questions about future attacks, as the breach resulted in personal information about Okta employees being obtained. That information lends itself to social engineering attacks down the line.
Don't wait to patch Citrix...
The exploit I referred to in the update on 10/22 is not going away. Ransomware hackers are actively exploiting this critical vulnerability in Citrix hardware, which allows them to circumvent multi-factor authentication and access enterprise networks. This vulnerability, known as Citrix Bleed and rated 9.4 in severity, exposes session tokens that are assigned to authenticated devices. Citrix released a patch for the flaw (CVE-2023-4966) three weeks ago, but the exploitation has intensified recently.