Sunday, 18 February 2018

Arista almost done with Cisco workarounds as revenue and profit soar

Customer certification delays resulting from Cisco's ongoing litigation have delayed some of its revenue, but Arista Networks has achieved a good fourth quarter 2017 and full year performance.

The company announced Friday revenues of $ 467.9 million for Q4 2017, up 42.7% over Q4 2016 and a result of $ 1.6 billion in 2017, up 45.8% over the same period last year. compared to 2016. Fourth-quarter earnings were 103.8 million full years.

In part, the results reflect the end of the lawsuit. The company announced the availability of its workaround for the so-called "945 patent" in September 2016, but CEO Jayshree Ullal said that during the earnings call, customers had to start certifying that Workarounds would work in their environment.

"The majority of these certifications were completed in the fourth quarter," said Ullal, but "some overflowed in the first quarter."

Only the most complex cases missed the end of 2017, she said.

Microsoft has provided a highlight for the company. According to Mr. Ullal, Arista was able to expand its activities in Redmond's business and, thanks to international expansion (for example, a data center in Israel), Redmond accounted for 16% of the company's sales (as in 2016).

Ullal expects Arista's other "cloud titan" clients to continue growing, and at the same time, this segment will rebalance the business towards non-US revenues (earlier this month, the Cisco's nemesis) made a similar prediction could flatten out, big clouds need to create data centers closer to users in the rest of the world). Over time, up to 60 percent of Arista's business could come from international markets, she said.

The move to 100 Gbps Ethernet and 400 Gbps Ethernet is starting, but Ullal says it's a trend that will last for many years: Current 100 Gbps deploys serve what it calls a long queue of ports 10 Gbps and a growth number of ports 40 Gbps.

A similar model will be played in the fastest speeds: 400 Gbps Ethernet will take its place to trunk traffic driven by workloads of 40 Gbps and 100 Gbps. In most of Arista's biggest customers, she believes that the 400 Gbps trial will begin in 2019.

As we reported last week, Arista won another victory, confirming the previous ruling of the Trial and Appeal Board to invalidate Cisco's "Patent 668" (US Patent 7,224,668, which covers security and traffic of the calling aircraft). flow management ").

Arista results documents are there for those of you looking for safe sleep aids. ®

Sunday, 11 February 2018

That mega-vulnerability Cisco dropped is now under exploit

Hackers are actively trying to use a very serious vulnerability in commonly used Cisco network software that can give full control over secure networks and access to all traffic that passes through it, the company warned.

When Cisco officials revealed the bug last week in a series of Adaptive Security Appliance products, they said they had no evidence that someone was actively using it. Earlier this week, the officials updated their advice to indicate that this was no longer the case.

"The Cisco Product Security Incident Response Team (PSIRT) is aware of the public knowledge of the vulnerability described in this advisory report," wrote the officials. "Cisco PSIRT is aware of attempts to abuse the vulnerability described in this advisory report."

The update does not state how widespread the attacks are, whether one succeeds or who executes them. Craig Williams, a Cisco researcher and director of outreach for Cisco's Talos security team, wrote on Thursday about the vulnerability: "This is not an exercise ... Wait right away." Exploitation, albeit weak DoS to date, has been observed in the field. "

The tweet seemed to suggest that effective attacks with code execution still had to succeed in the active attacks. A separate tweet from independent researcher Kevin Beaumont on Friday shortly before this post said: "Someone has just tried the Cisco ASA vulnerability on my honeypot.

In a follow-up tweet, Beaumont also indicated that the attack had not performed the code successfully.

The warning for in-the-wild exploit attempts came around the same time that Cisco warned that the vulnerability - which already had the maximum severity score of 10 under the Common Vulnerability Scoring System - posed an even greater threat than originally thought. The revised review was based on a detailed survey conducted by Cisco researchers after the release of last week's original advice based on findings from external security company NCC Group. As a result of the new findings, Cisco has issued a new set of patches to replace the previously released patches.

"After broadening the survey, Cisco engineers encountered other attack vectors and features that were affected by this vulnerability, which were not originally identified by the NCC Group and then updated the security advisory that Cisco officials wrote on Monday." In addition, it has also been found that the original list of fixed releases published in the security advice later proved to be vulnerable to additional denial of service conditions. "

The maximum priority rating of the vulnerability results from the relative ease of use, combined with the extraordinary control if it produces successful attackers. Devices with Cisco ASA software are usually located on the edge of a secure network, making them easy to find by outsiders. Once they have been exploited, the devices allow remote hackers to seize the administrative control of networks and to monitor all traffic going through them. About Cisco products include:
  1. Industrial safety equipment from the 3000 series (ISA)
  2. Adaptive security equipment from the ASA 5500 series
  3. ASA 5500-X series next generation firewalls
  4. ASA Services Module for Cisco Catalyst 6500 series switches and Cisco 7600 series routers
  5. ASA 1000V Cloud Firewall
  6. Adaptive Security Virtual Appliance (ASAv)
  7. Firepower 2100 series security device
  8. Firepower 4110 Security device
  9. Firepower 4120 Security device
  10. Firepower 4140 Security device
  11. Firepower 4150 Security device
  12. Firepower 9300 ASA security module
  13. Firepower Threat Defense Software (FTD)
  14. FTD Virtual
People using one of these devices should ensure that they are protected with the latest patches as soon as possible .

Tuesday, 6 February 2018

Apple and Cisco Team Up on Cybersecurity

Apple and Cisco are now offering companies insurance policies to protect them financially against cyber attacks.

Insurance policies are part of a larger package that also contains business security assessments. As part of this offer, the Aon professional services firm will provide business security advice, while the Allianz insurance company will offer discounted cyber security coverage, provided that some customers use certain Apple devices and products. Cisco security.

"We are pleased that insurance executives recognize that Apple products (aapl, -2.75%) offer superior cybersecurity and that we have the opportunity to make cybersecurity more accessible to our customers," Tim said. Cook, Apple's CEO. in a statement.

Chuck Robbins, CEO of Cook and Cisco (csco, -4.47%), said in June that the two companies were considering a joint insurance policy for companies using their two products, but that they were their business partners. insurance at that time. have not made public.

This decision underscores Apple's desire to become a leading enterprise technology provider that sells its leading iPhones, iPads and Macs to businesses.

Get a fact sheet, the Fortune Technology Newsletter.

Apple signed a partnership with Cisco in 2015, in which the two companies share technical teams that can better match their respective technologies. At the time, the two companies were striving to make Cisco's network, video and web conferencing services work better with Apple's iOS and MacOS devices, but it appears that they have since expanded Cisco security services.

In August, insurance giant American Insurance Group announced that it would sell cyberinsurance plans to US consumers who fear that their sensitive data, such as social security or credit card numbers, could be exposed to hackers. online.

Clarification: This article has been updated to clarify that Cisco and Apple do not sell direct insurance.