Sunday, December 13, 2015

Blueprint: Predictions for 2016 and the Evolving Threat Landscape

by Derek Manky, Global Security Strategist, Fortinet

From the “just when you thought things couldn’t get worse” department…

2015 was not an easy year for cybersecurity, whether you worked for one of the countless organizations that got hacked, had to pay a ransom to decrypt files on your hard drive, or spent your days trying to stay ahead of increasingly sophisticated hackers and well-funded nation states. Unfortunately, 2016 looks to have more of the same in store, as well as new and emerging threats that will challenge both security vendors and the organizations and consumers they work to protect.

That IoT Thing

The Internet of Things (IoT) encompasses far more than just fitness trackers and fancy watches. To date, we’ve seen plenty of vulnerabilities in devices that range from surveillance cameras to industrial control systems to connected vehicles, but haven’t observed much in the way of actual attacks that exploit these vulnerabilities. One exception is Point of Sale (PoS) systems, malware for which now ranks in Japan’s top 10 list of malware in the wild and is a key platform for credit card theft.

However, in 2016, we expect connected devices to become strategic beachheads for attackers to “land and expand”, whether propagating malware among devices or, more likely, using the increasing number of IoT devices to gain entry to the corporate networks they access.  Because these corporate networks are already hardened against attack, new, less secure attack surfaces will be attractive targets for cybercriminals.

In many cases, this will require more sophisticated malware with ever smaller footprints, but we’ve already seen proofs of concept for malware that can persist and propagate on connected devices with miniscule amounts of available memory.  The notion of “headless worms on headless devices” is more than a catchy tag line. If we look back on the damage the Morris Worm was able to do back in 1989 with an attack surface of just 60,000 Unix servers (10% of which it was able to infect), imagine an attack surface of the 20 billion connected devices Gartner is predicting will be online by 2020.

Jailbreaking the Cloud

You’ve heard of jailbreaking your iPhone. Basically you install custom software to unlock all sorts of capabilities that are normally hidden from users. With this extra power comes a host of security risks, not to mention some dire warnings from Apple. This year, though, we expect to see malware begin “jailbreaking the cloud.”

What does that mean, exactly? Consider the Venom vulnerability that made headlines this year: attackers were able to exploit old floppy disk drivers to break out of the hypervisor on a virtualized system and gain access to the host operating system. Malware can (and will) be designed to crack the hypervisor on virtualized systems, making lateral movement to other guest operating systems and tenants much easier.

Because so many public and private clouds rely on virtualization to provide multitenancy, scalability, and agile infrastructure, this can have far-reaching impacts, both in corporate data centers and for cloud providers.

Additionally, many mobile applications, delivered both through public and corporate app stores, access cloud-based and virtualized systems. These systems may drive the user experience, provide data input and output on the back end, or capture data for a wide range of purposes. Compromised apps, then, as well as specific mobile malware, will become less of an annoyance or privacy concern and more of a vector for attackers seeking vulnerabilities in public and private clouds.

New Malware? Yes, Indeed

Vendors have gotten very good at detecting and blocking a range of malware. Standard client anti-virus applications can pick up known viruses and other malicious applications quickly, while cloud-based services and gateway antimalware provide extra layers of protection. The best are performing deep packet inspection to pick out not just known signatures but also suspicious behaviors, traffic associated with command and control servers, and other “indicators of compromise.”

Many companies are also adding sandboxing technologies to their networks that can observe the behavior of unknown or suspicious files in controlled environments before those files are allowed on a network. At the same time, malware authors are building in obfuscation and evasion technologies to make detection more difficult.

So-called “blastware,” for example, like the Rombertik virus that gained media attention this year, can render a vulnerable host computer unusable. This is really only a problem if Rombertik detects that it is being analyzed or altered and many of the headlines about the software were overly sensational, but the concept is important. Malware is getting smarter about the environment in which it is running.

We’ll see this play out more frequently in 2016 in “ghostware” and “2-faced malware”. Ghostware, as its name suggests, is designed to penetrate a system, steal particular types of data, and then leave without a trace, erasing itself and any indicators of compromise that security systems might detect. Without these indicators of compromise, organizations might not even know they had lost data, much less be able to conduct a forensic analysis to determine the extent or nature of the breach.

Two-faced malware detects when it is being examined in a sandbox and behaves like a benign file. When it clears the sandbox, it then completes whatever malicious action it was designed to execute. There are, appropriately, two major challenges associated with 2-faced malware:

  1. It’s very hard to detect, even with sophisticated sandboxing technology and
  2. Sandboxes generally feed threat intelligence back into a larger ecosystem and could result in a particular piece of 2-faced malware being automatically cleared by the system, enabling other instances to pass through security mechanisms unfettered.

Evolution, Not Revolution

2016, then, will be a year of evolving threats. Much of this we’ve seen before, if in less sophisticated forms. The arms race between the bad guys developing smarter and more effective malware and vendors creating more intelligent security products will continue and IoT will move from proof of concept vulnerabilities to a viable attack surface. As threats evolve, though, organizations will need to be increasingly mindful about their deployments, adoptions, and the devices and services on which they rely to conduct business.

About the Author

Derek Manky formulates security strategy with more than a decade of advanced threat research, his ultimate goal to make a positive impact towards the global war on cyber crime. Manky has presented research and strategy world-wide at premier security conferences. As a cyber security expert, his work has included meetings with leading political figures and key policy stakeholders, including law enforcement, who help define the future of cyber security. He is involved with several threat response and intelligence initiatives, including FIRST ( and is on the board of the Cyber Threat Alliance (CTA) where he works to shape the future of actionable threat intelligence. Manky’s areas of expertise include FortiGuard, Threat Intelligence, advanced threat research, global war on cyber crime, Cyber Threat Alliance, zero-day vulnerabilities, mitigation advice and threat forecasts.

About Fortinet

Fortinet (NASDAQ: FTNT) protects the most valuable assets of some of the largest enterprise, service provider and government organizations across the globe. The company's fast, secure and global cyber security solutions provide broad, high-performance protection against dynamic security threats while simplifying the IT infrastructure. They are strengthened by the industry's highest level of threat research, intelligence and analytics. Unlike pure-play network security providers, Fortinet can solve organizations' most important security challenges, whether in networked, application, wireless or mobile environments -- be it virtualized/cloud or physical. Nearly 250,000 customers worldwide, including some of the largest and most complex organizations, trust Fortinet to protect their brands. Learn more at, the Fortinet Blog or FortiGuard Labs.

Friday, December 11, 2015

OpenAI Sets Out to Guide Artificial Intelligence Development

OpenAI, a new non-profit artificial intelligence research company, has set a course to guide the development of artificial intelligence technology "to benefit humanity as a whole, unconstrained by a need to generate financial return."

In a blog posting, the OpenAI team said it is "hard to fathom how much human-level AI could benefit society, and it's equally hard to imagine how much it could damage society if built or used incorrectly."

The endeavor is backed by $1 billion in funding commitments from prominent Silicon Valley figures, including Elon Musk, Reid Hoffman, Jessica Livingston, Peter Thiel, amongst other. Corporate backers include Amazon Web Services (AWS), Infosys, and YC Research.

OpenAI's research will be led by Ilya Sutskever, previously a leading researcher at Google and one of the world experts in machine learning. The technology team includes Greg Brockman, formerly the CTO of Stripe.

Another Buyer Bids for Atmel

Atmel confirmed the receipt of an unsolicited proposal to acquire all of the outstanding shares of Atmel common stock for $9.00 in cash per share. The name of the bidder was not disclosed.

Atmel said the offer also provided the option to receive, in lieu of cash, shares of the acquiror in an amount of up to $1.0 billion in aggregate value, based on a ten-day trailing average of the acquiror's closing stock price measured as of transaction close.

Atmel's board of directors, in consultation with its financial and external legal advisors, has determined that the proposal would reasonably be expected to result in a "Company Superior Proposal" (as defined in the Dialog merger agreement) and that the failure to participate in discussions or negotiations with the potential acquiror regarding the proposal would reasonably be expected to be inconsistent with the directors' fiduciary duties under applicable law.

  • On September September 20, Atmel entered into a merger agreement with Dialog Semiconductor plc.

India Grants National Long Distance license to NTT Com

The government of India has granted a National Long Distance license to NTT Communications India Network Services, a newly established Indian subsidiary of the Japanese carrier.

NTT Com anticipates launching India domestic network services by the end of this month. The launch will include IP-VPN and other reliable, high-quality connectivity services to meet the growing demands of companies such as automobile dealers and retailers with distributed sites across India. Customers will be able to use multiple local carriers for carrier-redundant access, one of the many ways NTT Com aims to provide secure, cost-efficient networks backed by strong service-level agreements for the mission-critical systems of its enterprise customers.

NTT Com will combine its new network services with managed-hosting and cloud services currently offered by another NTT Com subsidiary, Netmagic Solutions, which owns nine data centers in India.

Sharad Sanghi, the managing director and CEO of Netmagic, stated: “NTT Com – Netmagic will now offer world-class ICT solutions comprising secure, high-quality private-network services, including IP-VPN connecting data centers and the cloud to customers’ domestic sales or production bases. Netmagic, which launched its largest data center in Mumbai recently, is committed to constantly upgrading its product roadmap for data centers & cloud offerings.”

CloudEndure Raises $7 million for Migration & Recovery Solutions

CloudEndure, a start-up based in Israel, announced $7 million in new funding for its cloud live-migration and disaster recovery solutions.

CloudEndure’s Cloud Workload Mobility technology creates an exact copy of an entire application at an alternative cloud location – at the touch of a button, within minutes, and with the latest data. CloudEndure supports physical, virtualized or cloud-based applications as the source and Amazon Web Services (AWS), Google Cloud Platform, Microsoft’s Azure and OpenStack as target cloud locations. The company was founded in 2012.

Infosys, a leading information technology services provider working with the world’s leading enterprises, co-led the round, along with previous investor, Magma Venture Partners. The new capital will enable CloudEndure to scale its sales and marketing operations to meet increasing demand for its enterprise-grade Disaster Recovery (DR) solution.

“We are excited to announce this investment and validation from Infosys and our existing investors,” stated Ofer Gadish, CEO of CloudEndure. “This new capital will enable us to scale our efforts to meet increased demand from enterprise companies seeking a new generation of DR solutions. We’ll also continue to innovate and extend our solution to meet the dynamic needs of our growing customer base.”

  • CloudEndure is headed by Ofer CEO, who previously was the CEO and Co-Founder of AcceloWeb and VP & General Manager in Limelight Networks after its acquisition of AcceloWeb.

First Intelsat EpicNG Satellite Arrives in French Guiana Ahead of Launch

The first of the Intelsat EpicNG series of High Throughput Satellites, Intelsat 29e, arrived at the Guiana Space Center ahead of its scheduled launch on an Ariane 5 rocket on the 27th of January 2016.

Manufactured by Boeing and equipped with the most advanced digital payload on a commercial spacecraft,

Intelsat 29e will bring High Throughput capacity in both C- and Ku-band to North and Latin America and the North Atlantic region. The satellite was manufactured by Boeing and is designed to be fully interoperable with the already deployed Intelsat satellite fleet and terrestrial infrastructure.

Intelsat named a number of customers in the region who have already committed to Intelsat EpicNG, include Compania Anonima Nacional Telefonos de Venezuela, BT Latam Venezuela, Anditel, S.A.S, Axesat, Amazonia Cabo Ltda., Cadena Ecuatoriana de Television C.A., Canal 10 CETV, Corporacion Nacional de Telecommunicaciones CNTE.P., Fox Latin America Channels do Brasil, Igrege Mundial do Poder de Deus, Radio e Televisao Banderantes and Telefonica del Peru.

 Intelsat Plans "EpicNG" Broadband Satellites

Intelsat unveiled its EpicNG platform -- a new approach to satellite and network architecture utilizing multiple frequency bands, wide beams, spot beams and frequency reuse technology. EpicNG will be the company's next generation of satellites, promising higher throughputs and lower cost per bit. It will be a complementary overlay to the company's existing constellation of satellites and global IntelsatONE terrestrial network.

Target markets include wireless and fixed telecommunications, enterprise, mobility, video and government applications requiring broadband infrastructure across the major continents. Intelsat said its EpicNG platform will bring high throughput technology to its spectral rights in the C-, Ku- and Ka-bands. Customers will be able to use existing hardware and network topologies, and in many cases, define their own service characteristics, enabling them to offer customized solutions to their end users and build upon their current business success. Initially, the Intelsat EpicNG platform will feature two next generation satellites, and Intelsat is currently evaluating proposals by several manufacturers. These first two satellites, Intelsat 29e and Intelsat 33e, have projected in-services dates in 2015 and 2016, and feature wide coverage and high throughput capacity; combined they will serve every populated region in the world.

 "The Intelsat EpicNG platform represents the next generation of satellites, a progressive evolution of the Intelsat fleet," said Intelsat Chief Executive Officer Dave McGlade. "As the global demand for bandwidth surges and penetration of communications reaches ever further into developing regions and mobile applications, we are strategically investing in this platform to support our customers with a highly reliable and efficient broadband infrastructure as they launch new services and enter new geographies." “With Intelsat EpicNG, we will deliver innovation that creates immediate value for our customers,” said Intelsat SVP and Chief Technical Officer Thierry Guillemin. "As bandwidth demand grows, speed and throughput is critical. However, equally important is the operating environment. Our customers operate vast infrastructures, with millions of dollars invested in capital equipment and operational teams that must be managed efficiently. Intelsat EpicNG caters to this environment, with an architecture open to a wide array of network topologies and terminal technologies. Combined with multi-band frequency reuse, this is high throughput with the benefits of backward and forward compatibility. Operational excellence is core to our approach, and Intelsat EpicNG is designed to support the same in our customers’ businesses."

Microsoft Looks to Build Huge Data Center in San Antonio

Microsoft has acquired 158 acres of land in San Antonio with plans to build one of the largest data centers in the country, according to a report from the San Antonio Business Journal.

Microsoft reportedly looks to break ground in the coming months on an eight-building data center campus of over 1 million square feet.  The company did not comment on the report.

Microsoft Azure Takes Big Steps Forward

At its AzureCon 2015 event, Microsoft rolled out a number of big improvements to its Azure cloud platform centered around containers, security, infrastructure and the Internet of Things (IoT). The company also announced the availability of Microsoft Azure services in India from three regional data centers:  Central India in Pune, South India in Chennai, and West India in Mumbai

"We live in a connected world, and the intelligent cloud is powering it all,” said Scott Guthrie, executive vice president of Microsoft’s Cloud + Enterprise Division. “As data and devices continue to proliferate, there is vast opportunity for businesses to tap into their data to make their applications more intelligent

Highlights include:

General availability of Azure File Storage, featuring support of SMB 3.0 and the ability to mount file shares from anywhere (Azure or on-premises).

  • More that 40% of revenue on Azure comes from start-ups
  • 80% of Fortune 500 are using the Microsoft cloud.
  • New Azure Container Service -- building on work with Docker and Mesosphere to create and manage scalable clusters of host machines onto which containerized applications can be deployed, orchestrated, and managed. Azure Container Service makes it easier to create and manage clusters of hosts pre-configured with Docker, Apache Mesos, Marathon and Docker Swarm. This work couples Azure's hyper-scale and enterprise-grade cloud with proven open source technologies to deliver the foundation for the container deployment, orchestration, and management service any team building container apps will need.
  • New N-series, a new family of Azure Virtual Machines (VMs) powered by NVIDIA GPUs. Microsoft is the first hyper-scale provider to announce VMs featuring NVIDIA Grid 2.0 technology and the industry-leading Tesla Accelerated Computing Platform for professional graphics applications, deep learning, high-performance computing and more. A preview will be available in a few months.
  • New Azure Mobile Engagement -- a new SaaS-delivered, data-driven user engagement platform that enables real-time fine-grain user segmentation, app user analytics, contextually-aware smart push notifications and in-app messaging across all connected devices.
  • New Linux for Azure Data Lake -- aiming to make big data technology simpler and more accessible. Azure Data Lake makes HDInsight, which is Microsoft's Apache Hadoop-based service. Customers logging into the Azure Portal will now have a choice to select either Windows or Linux when deploying HDInsight. 
  • New Azure IoT Suite -- brings together preconfigured offerings to enable companies to leverage Azure Stream Analytics for IoT. The latest Stream Analytics updates include support for IoT Hub input the ability to output stream analytics to Azure DocumentDB.
  • New Azure CDN using the Akamai network -- integrating Akamai’s  CDN capabilities directly into the Microsoft Azure cloud platform. 
  • New Shared Access Signatures, delivering full parity with storage account keys and providing a more secure alternative to delegating access to storage users than storage account keys provide.
  • New Azure Storage client library for iOS.
  • The Azure Storage client library for Java will soon support client-side encryption complementing the existing capability in the Azure Storage client library for .Net.
  • New Azure support for the Financial Services Industry, including a detailed set of Payment Card Industry (PCI) and Data Security Standard (DSS) guidance describing Azure and customer shared responsibilities.

LookingGlass Acquires Cyveillance, Adds $50 Million in Funding

LookingGlass Cyber Solutions announced its acquisition of Cyveillance, a provider of open-source threat intelligence (OSINT), along with a $50 million round of Series C financing.

Founded in 1997, Cyveillance delivers an open source intelligence-led approach to security through continuous, comprehensive monitoring and analysis of millions of online data sources to protect client information, infrastructure, and employees from physical and online threats. The Cyveillance Cyber Threat Center, a cloud-based platform, combines web search, social media monitoring, underground channel information, and global intelligence with investigative tools and databases of threat actors, domain names and IP data, phishing activity, and malware to help identify risks and threats to every aspect of a business.

LookingGlass said the combination of its suite of threat and Internet intelligence driven solutions with Cyveillance’s customer-specific customized solutions focused on unstructured and open source intelligence enables broad visibility and unparalleled understanding of risks and threats across the entire Internet to help clients take swift, confident action on prioritized, relevant threats.

The new funding was led by NewSpring Capital. In addition to supporting the acquisition of Cyveillance, capital from the transaction will be used to fund further growth initiatives including product development, further product integration, international expansion, sales, marketing and customer support. ARC Securities advised LookingGlass on the acquisition and capital raise. In addition to NewSpring Capital, LookingGlass investors include Alsop Louie Partners and the Neuberger Berman Group.

This caps off a record year following the company’s $20 million Series B Funding and earlier acquisitions of CloudShield and Kleissner & Associates.

“Our acquisition of Cyveillance further advances our corporate strategy of delivering the most comprehensive threat intelligence capability in the market. The addition of Cyveillance allows LookingGlass to expand our coverage across the risk landscape helping security teams stay ahead of threats in an efficient and effective way,” said Chris Coleman, CEO of LookingGlass.

Vonage Picks Velocloud for SD-WAN

Vonage has selected VeloCloud's Cloud-Delivered SD-WAN (Software-Defined Wide Area Network) technology to launch a new SmartWAN service.

Vonage SmartWAN will help to enhance the performance of mission critical applications such as Virtual Desktop, Software-as-a-Service (SaaS), CRM tools and Hosted Email. Additional benefits include QoS and brownout/blackout protection, as well as the ability to maximize bandwidth resources across multiple locations. The same technology also benefits customers with a single broadband connection.

Vonage chose VeloCloud Cloud-Delivered SD-WAN technology for its unique combination of Dynamic Multipath Optimization and on-demand remediation capabilities across multiple network connections or over a single connection. It also enables bandwidth on-demand, provides direct & optimal access to cloud-based applications, and simplifies deployment of services.

“Vonage is renowned for its commitment to providing reliable and high performance UCaaS voice and data services solutions in the cloud over both private networks and broadband connections,” said Sanjay Uppal, CEO and Co-Founder of VeloCloud. “Vonage’s choice of VeloCloud Cloud-Delivered SD-WAN technology for their next generation Managed UC and SD-WAN solutions is a great testament to the high quality, cost effective experience it delivers.”

“As businesses increase the usage of video, online collaboration tools and other cloud applications, maintaining the quality of shared bandwidth becomes vital,” said Sanjay Srinivasan, Vice President and Chief Technology Architect Business Engineering for Vonage. “Vonage SmartWAN complements the features and functionality of a company’s cloud-based unified communications solution with the added reliability they need to maintain Quality of Service and keep their businesses running smoothly.”

Thursday, December 10, 2015

Nokia Hits 428 Mbps w TD-LTE with 3-Band CA and 256QAM

Nokia Networks, together with SK Telecom, demonstrated 428 Mbps data transmission using TD-LTE 3xCA with 256 QAM.

The test used a Qualcomm  Snapdragon X12 LTE modem along with Nokia's Flexi Multiradio 10 Base Station and software to aggregate three carriers on the TD-LTE band 41 spectrum (2496 – 2690 MHz).

The companies said this lays the foundation for the introduction of TD-LTE in Korea, with Nokia’s Single RAN Advanced platform as a foundation for SK Telecom.

  • In November, Nokia Networks has achieved a transmission speed of 19.1 Gbps and lower latency using 5G cmWave technology in a trial in South Korea. 
  • The trial used an OFDMA-based TDD system with 4x100 MHz carriers and 8x8 Multiple-Input Multiple-Output (MIMO), enabling eight independent data streams sent between the base station and the user device. In addition, 256QAM modulation enables the sending of eight bits of information per modulation symbol. The scaled OFDM has a shorter symbol length and Transmit Time Interval (TTI) that is expected to achieve a lower latency than with LTE.

Facebook Shows GPU-based System for AI

Facebook will open source its design for a GPU-based system optimized for machine learning (ML) and artificial intelligence (AI).

The hardware system, code-named "Big Sur", was developed by Facebook's engineering team to run its software capable of answering questions based on ingested stories and articles. Big Sur is Open Rack-compatible and incorporates eight high-performance GPUs of up to 300 watts each, with the flexibility to configure between multiple PCI-e topologies. It uses NVIDIA's Tesla Accelerated Computing Platform.

Facebook said its plan to open-source Big Sur and will submit the design materials to the Open Compute Project (OCP).

O3B Lands $460 Million to Expand Global Satellite Constellation

O3b Networks closed $460 million in incremental financing to support its next-generation satellite network.  The company plans to use the money to expand the total number of satellites in its constellation from twelve to twenty.

O3b began full commercial operations in September 2014. The company said it now supports connectivity for more than 40 customers worldwide, with more than 50% of those customers having already upgraded their service commitments to O3b during the first year of commercial operation.

“This is an incredibly exciting time for O3b and its customers. Our constellation is highly scalable and can be grown in direct response to market demand. In only a little over a year from our full commercial launch, we can already see the need for substantially more capacity in orbit to serve our customers. We are the No.1 operator in the Pacific and, together with Royal Caribbean, we have revolutionized the cruise connectivity market. Our Telco customers are expanding their service offerings and growing their markets on the back of O3b’s performance and capability,” said Steve Collar, CEO of O3b Networks.

  • O3b Networks’ investors include SES, Google, Liberty Global, HSBC Principal Investments, Northbridge Venture Partners, Allen & Company, Development Bank of Southern Africa, Sofina, Satya Capital and Luxempart. O3b Networks is headquartered in St. Helier, Jersey, Channel Islands.

D-Link Ultra Series Router Delivers Dual-band Speeds up to 3,167 Mbps

D-Link released its latest Ultra Series Router, the AC3150 Ultra Wi-Fi Router supporting dual-band speeds of up to 3,167Mbps, SmartConnect to automatically assign clients to the wireless band providing the best bandwidth and Advanced AC SmartBeam to enhance signal strength and throughput.

The unit incorporates multi-user MIMO (MU-MIMO) technology, which enables simultaneous transmission to groups of clients, making more efficient use of available Wi-Fi network capacity and speeding up transmissions. It is equipped with four high-performance detachable external antennas and high power amplifiers designed to maximize range and optimize coverage along with 4x4 data streams for maximum throughput to handle even the most intense 4K streaming and gaming sessions. In addition, the router features four gigabit LAN Ethernet ports for high speed wired connectivity and are enabled with WPA™ or WPA2™ security and Wi-Fi Protected setup to ensure network integrity and ease-of-setup.

"The availability of the AC3150 Ultra Wi-Fi Router strengthens D-Link's position as a market innovator as more and more consumers are looking for routers with unique designs that deliver the latest technology," said Ken Loyd, director of product marketing, D-Link Systems, Inc. "The AC3150 offers users the ability to provide high-bandwidth signal to multiple devices simultaneously, delivering a premium performance for today's most demanding tasks like HD streaming and gaming."

Wind River Offers Reference Design for Virtual Business CPE (vBCPE)

Wind River introduced a reference design for a virtual business customer premises equipment (vBCPE), following extensive collaboration with four Network Functions Virtualization (NFV) software partners: Brocade, Check Point, InfoVista and Riverbed.

The vBCPE design, which runs on the Wind River Titanium Server™ NFV infrastructure (NFVI) platform, supports virtual network functions (VNFs) from each of these partners.

"We are grateful to our VNF partners for their collaboration in developing this reference design,” said Charlie Ashton, senior director of business development for networking solutions, Wind River. “Together we have demonstrated that it’s possible to integrate VNFs from multiple sources into a service chain that provides the end-to-end functionality for an enterprise-class vCPE solution, running on an NFVI platform that ensures carrier grade reliability.”

Ciena Posts Q4 Revenue of $692 Million

Ciena reported fiscal fourth quarter 2015 revenue of $692.0 million, as compared to $591.0 million for the fiscal fourth quarter 2014. For fiscal year 2015, Ciena reported revenue of $2.4 billion, as compared to $2.3 billion for fiscal year 2014. Ciena's net loss (GAAP) for the fiscal fourth quarter 2015 was $(13.8) million, or $(0.10) per diluted common share, which compares to a GAAP net loss of $(30.7) million, or $(0.29) per diluted common share, for the fiscal fourth quarter 2014. For fiscal year 2015, Ciena had a GAAP net income of $11.7 million, or $0.10 per diluted common share, which compares to a GAAP net loss of $(40.6) million or $(0.38) per diluted common share for fiscal year 2014.

"Our strong financial performance in fiscal 2015 included substantial increases in gross and operating margin as well as meaningful cash generation, which enabled us to exceed the longer-term financial milestones that we established several years ago,” said Gary Smith, president and CEO, Ciena. “We believe that our proven ability to drive operating leverage from the business, when combined with strong market drivers from the next phase of network transformation, positions us well to deliver continued growth and profitability in fiscal 2016 and beyond.”

Huawei Outlines Vision for Application-driven Carrier Networks

Huawei outlined its vision for a carrier-grade Application-driven Network (ADN) network architecture.

The idea is to prioritize network applications and service demands in network design, unlike conventional approaches that focus on resource utilization and optimizing network operations.

The company said its ADN will support 5G network slicing and will bolster both near and long-term network evolution. ADNs will differ from existing NFV and SDN concepts, but will integrate NFV and SDN technologies that have not yet delivered any economic benefits into a comprehensive network architecture that focuses on user experience.

Speaking at IEEE Globecom 2015 in San Diego, Huawei Fellow Dr. Wen Tong said: "Our innovative ADN architecture vision puts applications at the network's core to deliver significant efficiency gains for network applications. Unlike traditional network architectures, ADNs will support application abstraction, network reorganization, global and local coordination of network resources, and application decoupling by service layering. With these advantages, ADN is poised to meet a variety of future application demands, for example, in 5G networks."

Wednesday, December 9, 2015

Blueprint: NFV Brings Changes to Carrier Purchasing Patterns

by Greg Collins, Founder, Exact Ventures

Spurred by increasing competition from over-the-top (OTT) service providers like Apple, Facebook, Google, and Microsoft, many network operators have an urgent need to transition and adapt their networks in order to be able to quickly develop, deploy and monetize competing services as well as to open their networks to new services that may originate from outside of the operator.  This need for ‘service agility’ for network operators is being enabled by the increasing maturity of Network Function Virtualization (NFV) technology whereby many network nodes will increasingly be virtualized.   In other words, over time mobile network cores will look more like the datacenters you would find at the OTT service providers, than more traditional central offices with many racks of purpose-built equipment.

While practically every network operator has virtualization as a key criteria in evaluating core network element, most current deployments are of legacy physical platforms consisting of both hardware and software.  AT&T’s Domain 2.0, Deutsche Telecom’s Terrestream, and Telefónica’s UNICA efforts are prominent examples of network operators aggressively driving this change through their supply chain.  While we are at the very early stages of IT and datacenter technology spreading to operator core networks, we believe that this architectural transition is generational and will gradually increase over the next decade.

Those network elements that are low-bandwidth and compute-intensive can be moved into a virtualized datacenter, either in an operator’s network or a public cloud network, more easily than data intensive network functions that benefit from specific packet processing or transcoding.  This change offers operators several advantages like cost savings, scale and efficiency.  Deploying common, off-the-shelf (COTS) server hardware and virtualization software is potentially less expensive than purchasing dedicated hardware for each network node or function.  System capacity can also be scaled up or down almost instantly depending on demand.  Redundancy and high-availability features are often inherent in datacenter infrastructure and would not have to be duplicated, as is the case in many network functions today.  As service providers begin to trial and evaluate NFV architectures and individual virtual network functions (VNFs), this process will likely trigger another round of vendor selection for network elements centered on the NFV and management and network orchestration (MANO) architectures.

Given this change, the value of the funds spent on networking infrastructure is slowly being reallocated.  Network specific hardware spending is trending downward—toward zero perhaps—while these funds will ostensibly be reallocated to software elements that perform the same function on top of COTS hardware.  These software elements will come at a lower price than the hardware-based networking solutions.  Moreover, the software elements, or VNFs, will be sold in the traditional manner of perpetual licenses with an annual software maintenance fee, but also as an annual or multi year subscription aka networking-as-a-service (NaaS) or infrastructure-as-a-service (IaaS).  Service providers will increasingly but gradually look at their infrastructure costs in terms of opex versus capex, which will change the way they budget and plan as well as how they communicate with the investment community.  This can be quite a change for some network operators who expect to purchase networking equipment once and then squeeze every bit of value that they can get from it over the next five to ten years or more.

About the Author

Greg Collins is a technology analyst and strategist with extensive experience in creating innovative, highly analytical and enduring market segmentation and research practices in technical networking, telecommunications, and wireless markets. Greg founded Exact Ventures in 2011 in order to provide market intelligence with greater depth and context than traditional, static pillars of market data. - See more at:

About Exact Ventures

Exact Ventures covers NFV in each of its research areas: Evolved Packet Core, IMS/VoLTE, Policy Servers/PCRF, Session Border Controllers, Signaling, etc.

Verizon Enhances its Collaboration Portrfolio with Cisco

by James E. Carroll

Verizon is expanding its global Collaboration portfolio with the introduction of additional rich conferencing and mobile collaboration tools based on Cisco WebEx Cloud Connected Audio, Collaboration Meeting Room and Verizon’s  UCCaaS Mobile First service.

Verizon is rolling out UCCaaS Mobile First, an advanced collaboration solution based on Cisco Hosted Collaboration Solution.  The service is aimed at an increasingly mobile workforce that offers end-users the ability to boost the audio and video performance of the Cisco Jabber mobile unified communications client application on Verizon’s 4G LTE network for a high quality experience.
Cisco Jabber enables users to make and receive voice and HD video calls and access other tools such as instant messaging and WebEx conferencing on their preferred device, whether it is a smartphone, tablet, PC or MAC.

Verizon said that by leveraging its UCCaaS in conjunction with its Private Network Traffic Management solution, which offers QoS over 4G LTE, workers can benefit from prioritized voice and video calls when using the Cisco Jabber client from select 4G LTE smartphones and tablets in the United States.

Verizon is also enabling a more cost-effective conferencing solution through Cisco WebEx with Cloud Connected Audio and Collaboration Meeting Rooms – an “any device” solution in more than 150 countries and 2,700 cities worldwide.  The Meeting Rooms offer a personalized, 24x7 collaboration meeting resource to meet at an instance’s notice with a simple click.

“The rise of the mobile enterprise and necessity for voice, video and collaboration anywhere, at any time, requires solutions which can provide a seamless high-quality experience that doesn’t distinguish between working in an office, from home or on the road,” said Tony Recine, senior vice president and chief marketing officer for Verizon Enterprise Solutions. “With Verizon’s cloud-based Collaboration Suite, Verizon is putting all the right tools in place to provide a simple, secure and reliable experience for corporate workers when meeting and collaborating with colleagues, partners and customers.”

Deutsche Telekom Launches Public Cloud based on Cisco

Deutsche Telekom launched of a new public cloud service compliant with German data sovereignty legislation. T-Systems, the business division of Deutsche Telekom, will operate and manage the new infrastructure-as-a-service (IaaS) offering – DSI Intercloud – from its highly secure data centers in Germany.

Services include computing, storage and networking in a pay-as-you-go model through Telekom’s new cloud portal. The service will be available without minimum purchase requirements and contract periods, starting from EUR 0.05 per hour. Additional storage starts at EUR 0.02 per gigabyte.

Deutsche Telekom said its public cloud also creates the foundation for a secure European Internet of Things that offers the highest availability and scalability for real-time analytics. Innovative platform-as-a-service (PaaS) and software-as-a-service (SaaS) offerings are slated to follow in the first half of 2016.

Deutsche Telekom's public cloud is based on the Cisco cloud platform and its Intercloud initiative.  Cisco and Telekom will focus on delivering the necessary high availability and scalability for real-time analytics at the edge of the network to make Telekom’s cloud the foundation for innovative IoT experiences.

T-Systems has been providing cloud services for business customers for ten years, including for multinational companies such as Shell, Daimler and Thyssen-Krupp.

BT to Deploy Virtual Riverbed SteelHeads to Accelerate Cloud Services

BT will deploy virtual Riverbed SteelHead application acceleration technology in the core of its global network, providing superior application performance for customers accessing BT’s own cloud services as well as other leading Software-as-a-Service (SaaS) offerings. It is the first time Riverbed technology has been deployed into the core of a global telecoms network.

Specifically, BT and Riverbed are embedding their services at global business hubs in Europe, North America and Asia in locations where BT has direct links to leading cloud providers and high-capacity internet breakout. The service will be available globally from early 2016 and accessible through BT’s IP Connect VPN from 198 countries and territories.

BT said the deployment is part of its Cloud of Clouds vision, which is about allowing customers to connect easily and securely to the applications and data they need, regardless of where they’re hosted and where they are based.

Keith Langridge, vice president, network services at BT Global Services, said: “Our Cloud of Clouds vision is rapidly coming to fruition. By including Riverbed-as-a-service in our offering, we address one of the key issues faced by our customers: the performance and reliability of applications hosted in the cloud. The new service builds on the direct network connectivity we already provide to major cloud providers by bringing better speed, performance and control to applications hosted with these cloud providers. This joint offering with Riverbed is a milestone on the journey to software-defined networks, and creates an additional differentiator against our competitors.”

Paul O’Farrell, Senior Vice President and General Manager, SteelHead and SteelFusion, at Riverbed said, “CIOs want to enjoy all of the benefits of the hybrid enterprise while solving the challenges of application delivery in this complex environment. Riverbed invented WAN optimization in 2004 with the launch of SteelHead and is today the leader in application performance infrastructure. The new integrated cloud-based solution from BT and Riverbed will provide unmatched application availability and acceleration as a service, offering an easier on-ramp to cloud computing via BT’s Cloud Connect service.”