The ITAM Roundup: 9/15/24
š° News
How generative AI (GenAI) and subscription models are reshaping the IT landscape
Generative AI (GenAI) and subscription models are reshaping the IT landscape, with Gartner predicting that by 2028, major third-party support providers (TSPs) may face failure due to the shift to subscription-based software models. As organizations adopt these models, TSPs must diversify their services, while organizations should assess vendor risks and use escrow arrangements to safeguard software access. Additionally, Gartner highlights how GenAI will reduce software noncompliance risks by automating contract interpretation, helping IT leaders make informed licensing decisions and streamline management processes.
Flexera
Three and Vodafoneās $19B merger hits the skids as UK rules the deal would adversely impact customers and MVNOs
The U.K.ās Competition and Markets Authority (CMA) has provisionally ruled that the $19 billion merger between Three and Vodafone could lead to higher prices for consumers, reduced mobile network investment, and negatively impact mobile virtual network operators (MVNOs). The merger would reduce the number of major mobile operators from four to three, which the CMA believes could harm competition and drive up prices. While the CMA suggested potential remedies, including divesting assets or monitoring network investments, it remains skeptical of the companiesā promises and may prohibit the merger.
Paul Sawers
Progress acquires file management platform ShareFile for $875M
Progress has announced its acquisition of file management platform ShareFile for $875 million, aiming to enhance its portfolio with tools for efficient document sharing and collaboration. The deal, expected to close by November 30, 2024, will add $240 million in annual recurring revenue and 86,000 clients to Progress' customer base. This acquisition allows Progress to strengthen its offerings in secure content collaboration, while ShareFile customers are expected to benefit from Progress' expertise and extensive product portfolio.
Kyle Wiggers
Salesforce unveils Agentforce to help create autonomous AI bots
Salesforce has launched Agentforce, a new low-code suite enabling enterprises to build autonomous AI agents for tasks in sales, service, marketing, and commerce. Unlike traditional chatbots, these AI agents can reason and take independent actions using Salesforce's Atlas reasoning engine. Additionally, Salesforce is offering out-of-the-box agents for various use cases, with pricing starting at $2 per conversation, and plans to release more features and agents in 2025.
Anirban Ghoshal
Microsoft to Boost Windows Security to Prevent Future CrowdStrike-Style Outages
At the Windows Endpoint Security Ecosystem Summit, Microsoft announced plans to enhance Windows security by limiting third-party vendors' access to the Windows kernel, aiming to prevent incidents like the recent CrowdStrike sensor update that crashed millions of devices. The company is focusing on designing more resilient systems, improving anti-tampering protections, and ensuring security solutions can operate outside kernel mode to avoid performance conflicts. Microsoft also emphasized the need for stronger collaboration with security partners to develop robust, secure systems moving forward.
https://petri.com/microsoft-windows-security-crowdstrike-outages/
Oracle Pushes Cloud Transformation for Multicloud, Dedicated Regions at CloudWorld 2024
At Oracle CloudWorld 2024, Oracle emphasized its multicloud strategy by embedding Oracle Cloud Infrastructure (OCI) data centers within major providers like AWS, Google, and Microsoft, while also expanding its own cloud offerings, including new private cloud options and dedicated regions. Oracle's multicloud approach allows services from different clouds to work seamlessly together, marking a shift in cloud interoperability. The event also highlighted innovations like Dedicated Region 25 for compact cloud deployment and superclusters for AI workloads, alongside real-world use cases from companies like Uber and Skydance Animation leveraging OCI for scalable growth.
Sean Michael Kerner
Amazon to Invest $10B in UK, Continuing AWS Expansion
Amazon Web Services (AWS) plans to invest Ā£8 billion ($10.5 billion) in the UK over the next five years to expand its cloud infrastructure, creating up to 14,000 jobs and contributing Ā£14 billion to the UK's GDP. This investment, part of AWS's broader global expansion, will help bolster the UK's economy and support the new Labour government's goals for economic growth. The move also underscores AWS's strategy to maintain its competitive edge against rivals like Microsoft in the rapidly growing cloud services market.
Bloomberg News
Fortinet admits miscreant got hold of customer data in the cloud
Fortinet has acknowledged a data breach involving unauthorized access to a small subset of customer data on a third-party cloud storage service, affecting less than 0.3% of its customers. Despite this breach, Fortinet asserts that its operations and services remain unaffected and no evidence of ransomware or broader network access has been found. The breach comes amid a troubling year for Fortinet, with several critical vulnerabilities and security incidents already impacting its reputation.
Iain Thomson
Adobe fixed Acrobat bug, neglected to mention whole zero-day exploit thing
Adobe's recent patch for a remote code execution vulnerability in Acrobat, CVE-2024-41869, did not disclose that it was a zero-day exploit or that a proof-of-concept (PoC) exploit was available. Although Adobe rated the vulnerability as "critical," it was assigned a CVSS score of 7.8, indicating a high but not critical severity. Researchers criticized Adobe for not highlighting the exploit's potential impact, which may lead to delayed prioritization and response by system administrators.
Connor Jones
AI at the edge: Dell and Red Hat team to elevate cloud-native workloads
Dell Technologies and Red Hat have partnered to enhance cloud-native application infrastructure and virtualization, focusing on AI and hybrid cloud environments. Their collaboration integrates Dellās PowerEdge servers with Red Hatās AI-optimized Linux platform, aiming to simplify AI and cloud-native application deployment and management. This partnership also targets improving edge computing performance and data mobility across hybrid infrastructures, providing scalable and low-latency solutions for modern AI workloads.
Victoria Gayton
š Tips
The Future of Windows and Copilot: Paul Thurrott on Practical 365 S4 E7
In this episode of the Practical 365 Podcast, Paul Thurrott discusses the rapid integration of AI into Microsoft's products, particularly Windows and Microsoft 365 Copilot, highlighting both opportunities and challenges for businesses and IT professionals. AI is advancing faster than traditional IT, and while it offers potential as a "co-pilot" to enhance human work, it requires careful oversight to ensure accuracy. Thurrott also explores Windows' future in an AI-driven world and questions whether Microsoft should focus more on making Windows reliable while leaving AI innovation to partners.
Steve Goodman
How ITAM fights cyber threats at every stage of the IT lifecycle
IT Asset Management (ITAM) enhances cybersecurity by managing IT assets through all phases of their lifecycle, from specification to retirement, preventing security breaches at each stage. ITAM helps organizations select secure products, verify legitimate procurement, ensure secure configuration during development and deployment, and maintain visibility over operational assets to quickly address vulnerabilities. In the retirement phase, ITAM enforces secure disposal practices like data wiping and regulatory compliance to eliminate risks from decommissioned assets.
Jayne Franiuk-Kelly
šBugs & Exploits
Ivanti warns high severity CSA flaw is now exploited in attacks
Ivanti confirmed that a high-severity vulnerability (CVE-2024-8190) in its Cloud Services Appliance (CSA) is now being actively exploited in attacks, affecting a limited number of customers. The flaw allows remote code execution for authenticated attackers with administrative privileges on CSA versions 4.6, prompting Ivanti to advise upgrading to CSA 5.0 for continued support. In response, CISA has added this vulnerability to its Known Exploited Vulnerabilities catalog, requiring federal agencies to patch affected systems by October 4, 2024, due to the significant risk it poses.
New Linux malware Hadooken targets Oracle WebLogic servers
Hackers are targeting Oracle WebLogic servers with a new Linux malware called "Hadooken," which installs a cryptominer and a DDoS tool, exploiting weak credentials. The malware drops scripts to move laterally across networks, set up cron jobs, and disguise malicious processes as legitimate ones, while wiping system logs to evade detection. Though primarily observed on Linux, researchers found evidence that Hadooken may also enable ransomware attacks on Windows systems, with ties to the RHOMBUS and NoEscape ransomware families.
