ThousandEyes, which tracks internet and cloud traffic, provides Network World with weekly updates on the performance of three categories of service provider: ISP, cloud provider, UCaaS.
By Tim Greene, Executive Editor, Network World | 27 OCTOBER 2022 5:00 SGT
The reliability of services delivered by ISPs, cloud providers and conferencing services (a.k.a. unified communications-as-a-service (UCaaS)) is an indication of how well served businesses are via the internet. ThousandEyes is monitoring how these providers are handling the performance challenges they face. It will provide Network World a roundup of interesting events of the week in the delivery of these services, and Network World will provide a summary here. Stop back next week for another update.
Updated Oct. 24
Global outages across all three categories last week increased from 283 to 374, up 32% compared to the week prior. In the US, they increased from 72 to 94, up 31%. Globally, ISP outages jumped from 194 to 293, up 51%, while in the US they increased from 55 to 72, up 31%. Globally, cloud-provider network outages jumped from six to 10, and in the US increased from one to four. Globally, collaboration-app network outages decreased from nine to seven, and in the US decreased from six to four.
Two notable outages:
On October 19, LinkedIn experienced a service disruption affecting its mobile and desktop user base. The disruption was first observed around 6:34 p.m. EDT, with users attempting to post to LinkedIn receiving error messages. The total disruption lasted around an hour and a half, during which no network issues were observed connecting to LinkedIn web servers, indicating the issue was application related. The service was restored around 7 p.m. EDT.
On October 22, Level 3 Communications experienced an outage affecting downstream partners and customers in the US, Canada, the Netherlands, and Spain.
The outage lasted a total of 18 minutes divided into two occurrences distributed over a 30-minute period. The first occurrence was observed around 12:35 a.m. EDT and appeared centered on Level 3 nodes in Chicago, Illinois. Five minutes later, nodes in St. Louis, Missouri, also exhibited outage conditions. Ten minutes after the outage appeared to clear, the St. Louis nodes began exhibiting outage conditions again. The outage was cleared around 1:05 a.m. EDT.
Updated Oct. 17
Global outages across all three categories last week decreased from 328 to 283, a 14% decrease compared to the week prior. In the US, outages dropped from 101 to 72, down 29%. Global ISP outages decreased from 239 to 194, down 19%, and in the US decreased from 76 to 55, down 28%. Global cloud-provider network outages dropped from 12 to six, while in the US they dropped from six to one. Global collaboration-app network outages decreased from 10 to nine, and from seven to six in the US.
Two notable outages:
On October 10, Microsoft experienced an outage affecting downstream partners and access to services running on Microsoft environments. The outage, which lasted 19 minutes, was first observed around 3:50 p.m. EDT and appeared centered on Microsoft nodes in Des Moines, Iowa. Ten minutes after that, nodes in Los Angeles, California, exhibited outage conditions and appeared to clear five minutes later. The Des Moines outage was cleared around 4:10 p.m. EDT.
On October 12, Continental Broadband Pennsylvania experienced an outage affecting some customers and partners across the US. The outage lasted around 49 minutes in total, divided into four occurrences distributed over a period of an hour and 45 minutes. The first occurrence was observed around 11:10 p.m. EDT, lasted 23 minutes, and appeared to focus on Continental nodes in Columbus, Ohio. The first occurrence appeared to clear around 11:35 p.m. EDT.
Five minutes later, Cleveland, Ohio, nodes exhibited outage conditions before clearing after four minutes. Fifteen minutes after that, the Columbus nodes once again exhibited outage conditions. The outage was cleared around 12:55 a.m. EDT.
Updated Oct. 10
Global outages across all three categories last week increased from 301 to 328, up 9% compared to the week prior. In the US they decreased from 107 to 101, down 6%. Globally, ISP outages increased from 233 to 239, up 3%, and in the US they decreased from 78 to 76, down 3%. Globally, cloud-provider network outages doubled from six to 12, while in the US they remained the same at six. Globally and in the US, collaboration-app network outages remained the same with 10 outages globally and seven in the US.
Two notable outages:
On October 4, Deft experienced an outage affecting some of its customers and downstream partners across the US, Brazil, Germany, Japan, Canada, India, Australia, the UK, France, and Singapore. The outage lasted around an hour and six minutes in total, divided among four occurrences over a period of an hour and 30 minutes. The first occurrence was observed around 5:25 a.m. EDT and appeared to center on Deft nodes in Chicago, Illinois. It lasted 14 minutes and appeared to clear around 5:40 a.m. EDT. Five minutes later, a second occurrence lasting 19 minutes was observed with Chicago nodes exhibiting outage conditions. The third occurrence lasting 24 minutes was observed around 6:10 a.m. EDT, again centered on Chicago nodes. Ten minutes later they appeared to clear, but began exhibiting outage conditions again. The outage was cleared around 6:55 a.m. EDT.
On October 5, TATA Communications America experienced an outage affecting downstream partners and customers in the US, the UK, France, Turkey, the Netherlands, Portugal, India, and Israel. The outage, lasting 9 minutes in total, was first observed around 9:25 a.m.
EDT and appeared initially to center on TATA nodes in Newark, New Jersey, and London, England. Five minutes into the outage, the Newark and London node outages were joined by nodes in Marseille, France. The outage was cleared around 9:35 a.m. EDT.
Updated Oct. 3
Global outages
IoT security strategy from those who use connected devices
Reducing threats from enterprise IoT devices requires monitoring tools, software vulnerability testing, and network security measures including network segmentation. Freeman Health System has around 8,000 connected medical devices in its 30 facilities in Missouri, Oklahoma, and Kansas. Many of these devices have the potential to turn deadly at any moment. “That’s the doomsday scenario that everyone is afraid of,” says Skip Rollins, the hospital chain’s CIO and CISO. Rollins would love to be able to scan the devices for vulnerabilities and install security software on them to ensure that they aren’t being hacked. But he can’t. “The vendors in this space are very uncooperative,” he says. “They all have proprietary operating systems and proprietary tools. We can’t scan these devices. We can’t put security software on these devices. We can’t see anything they’re doing. And the vendors intentionally deliver them that way.” The vendors claim that their systems are unhackable, he says. “And we say, ‘Let’s put that in the contract.’ And they won’t.” That’s probably because the devices could be rife with vulnerabilities. According to a report released earlier this year by healthcare cybersecurity firm Cynerio, 53% of medical devices have at least one critical vulnerability. For example, devices often come with default passwords and settings that attackers can easily find online, or are running old, unsupported versions of Windows. And attackers aren’t sleeping. According to Ponemon research released last fall, attacks on IoT or medical devices accounted for 21% of all healthcare breaches – the same percentage as phishing attacks. Like other health care providers, Freeman Health System is trying to get device vendors to take security more seriously, but, so far, it hasn’t been successful. “Our vendors won’t work with us to solve the problem,” Rollins says.
“It’s their proprietary business model.” As a result, there are devices sitting in areas accessible to the public, some with accessible USB ports, connected to networks, and with no way to directly address the security issues. With budgets tight, hospitals can’t threaten vendors that they’ll get rid of their old devices and replace them with new ones, even if there are newer, more secure alternatives available. So, instead, Freeman Health uses network-based mitigation strategies and other workarounds to help reduce the risks. “We monitor the traffic going in and out,” says Rollins, using a traffic-monitoring tool from Ordr. Communications with suspicious locations can be blocked by firewalls, and lateral movement to other hospital systems is limited by network segmentation. “But that doesn’t mean that the device couldn’t be compromised as it’s taking care of the patient,” he says. To complicate matters further, blocking these devices from communicating with, say, other countries, can keep critical updates from being installed. “It’s not unusual at all for devices to be reaching out to China, South Korea, or even Russia because components are made in all those areas of the world,” he says. Rollins says that he’s not aware of attempts to physically harm people by hacking their medical devices in real life. “At least today, most hackers are looking for a payday, not to hurt people,” he says. But a nation-state attack similar to the SolarWinds cyberattack that instead targets medical devices has the potential to do untold amounts of damage. “Most medical devices are connected back to a central device, in a hub-and-spoke kind of network,” he says. “If they compromised those networks, it would compromise the tools that we use to take care of our patients. That’s a real threat.”
IoT visibility struggle
The first challenge of IoT security is identifying what devices are present in the enterprise environment.
But devices are often installed by individual business units or employees, and they fall under the purview of operations, buildings and maintenance, and other departments. Many companies don’t have a single entity responsible for securing IoT devices. Appointing someone is the first step to getting the problem under control, says Doug Clifton, who leads OT and IT efforts for the Americas at Ernst & Young. The second step is to actually find the devices. According to Forrester analyst Paddy Harrington, several vendors offer network scans to help companies do that. Gear from Check Point, Palo Alto, and others can continuously run passive scans, and when new devices are detected, automatically apply security policies to them. “It won’t solve everything,” he says, “But it’s a step in the right direction.” Still, some devices don’t fall neatly into known categories and are hard to direct. “There’s an 80-20 rule,” says Clifton. “Eighty percent of devices can be collected by technology. For the other 20%, there needs to be some investigative work.” Companies that don’t yet have an IoT scanning tool should start out by talking to the security vendors they’re already working with, Harrington says. “See if they have an offering. It may not be best of breed, but it will help span the gap, and you won’t have to have a ton of new infrastructure.” Enterprises typically use spreadsheets to keep track of IoT devices, says May Wang, Palo Alto’s CTO for IoT security. Each area of the business might have its own list. “When we go to a hospital, we get a spreadsheet from the IT department, the facilities department, and the biomed devices department – and all three spreadsheets are different and show different devices,” she says. And when Palo Alto runs a scan of the environments, these lists typically fall short – sometimes by more than an order of magnitude. Many are older devices, Wang says, installed in the days before IoT devices were recognized as security threats.
“Traditional network security doesn’t see these devices,” she says. “And traditional approaches to protecting these devices don’t work.” But companies can’t apply endpoint security or vulnerability-management policies to devices until they are all identified. Palo Alto now includes machine-learning-powered IoT device detection integrated in its next-generation firewall. “We can tell you what kind of devices you have, what kind of hardware, software, operating systems, what protocols you’re using,” Wang says. The Palo
Dell launches mini HCI system for Azure Stack
Now you can start very small with a single 1U server and expand. Dell Technologies has aggressively promoted Azure Stack, Microsoft’s software package that allows enterprises to run a complete copy of the Azure cloud service within their own data center. Now it has introduced a hyperconverged infrastructure (HCI) system designed to support Azure Stack: a 1U server that allows organizations to start small with their deployment and grow. Formally known as Dell Integrated System for Microsoft Azure Stack HCI, the single-node system is designed for customers with smaller data-center footprints, but is expandable to support AI/ML workloads. Up to now, Azure Stack HCI nodes were sold at least in pairs, and Dell priced the hardware based on the number of nodes and the components within it. “So if you’re buying half the nodes, that would be half the price,” said Shannon Champion, vice president of product marketing for HCI products at Dell. Dell has integrated its Dell OpenManage software with Windows Admin Center and Azure Arc, Azure’s node-management and security system. Arc manages HCI nodes and enforces regulatory compliance, and Champion said many Azure Stack customers use it to keep resources on-prem. “The idea of Azure Stack HCI is that these are workloads that cannot run in public cloud,” she said. “And so you have a choice when you decide what workload can go to Azure. If it can’t go into the public cloud then it would stay on premises and go to Azure Stack HCI OS.” The new HCI system also comes with expanded GPU support. Customers have the option of getting Nvidia A30 or A2 GPU cards with their servers. Both are based on the Ampere architecture. Champion said that the A2 is suited for data visualization and for AI inferencing, while the A30 is a bigger, more powerful card more appropriate for high-end computing and AI training. 
Dell Integrated System for Microsoft Azure Stack HCI is available now either for outright purchase or via Dell’s Apex consumption service. https://www.networkworld.com/article/3676593/dell-launches-mini-hci-system-for-azure-stack.html
SolarWinds’ Observability offers visibility into hybrid cloud infrastructure
The popular IT management software firm is looking to keep its customer base together as companies migrate from on-premises infrastructure, with cloud and hybrid cloud versions of its new Observability product.
By Jon Gold, Senior Writer, Network World | 21 OCTOBER 2022 5:55 SGT
SolarWinds, the maker of a well-known and widely used suite of IT management software products, announced this week that it’s expanding to the cloud, with the release of Observability, a cloud-native, SaaS-based IT management service that is also available for hybrid cloud environments. The basic idea of Observability is to provide a more holistic, integrated overview of an end-user company’s IT systems, using a single-pane-of-glass interface to track data from network, infrastructure, application and database sources. The system’s machine learning techniques are designed to bolster security via anomaly detection. SolarWinds said that the system will work with both AWS and Azure—a Google Cloud version is in the works and planned for next year—and a hybrid cloud version is also available for deployment in users’ data centers. As deployment of cloud and hybrid cloud applications gained momentum over the past few years, leading to increasing infrastructure complexity, the term “observability” gained currency, denoting the ability of a system to provide a high-level overview of IT infrastructure as well as granular metrics, to allow for efficient network and security management. “[W]e’re laying the foundation for autonomous operations through both monitoring and observability solutions,” said SolarWinds chief product officer Rohini Kasturi in a statement.
“With our Hybrid Cloud Observability and SolarWinds Observability offerings, customers have ultimate flexibility to deploy on a private cloud, public cloud, or as a service.” It’s an important step forward for SolarWinds, according to Gartner VP analyst Gregg Siegfried, for multiple reasons. For one thing, he said, the company’s traditional products work in a siloed way—so server monitoring and network monitoring are completely different products, with different management consoles and so on. Bringing them together into a unified overview, then, is crucial, despite the presence of SolarWinds’ Orion integration platform. “When you think about the visibility platforms of today, the idea is that you’re able to look at these things more holistically, so the most important thing is being able to do that,” he said. Another reason that Observability is likely to prove critically important to SolarWinds’ position in the market is that it marks a shift away from the company’s traditional focus on on-premises solutions. Siegfried said that SolarWinds has been losing market share to several companies as businesses increasingly move core IT operations out of the data center and into cloud environments. “Bottom line is that they’ve been bleeding share as people move into the cloud because the Orion [IT monitoring] product doesn’t support cloud-based workloads,” he said. “[Observability], in theory, provides a migration path to those who are still on Orion as they migrate to the cloud.” SolarWinds’ reputation in the marketplace is still recovering from the highly publicized cyberattack in 2020, in which hackers backed by the Russian government compromised US government systems at least partially via security flaws in SolarWinds’ products. “They still have a sizeable customer base, and certainly the damage to their reputation continues,” noted Siegfried.
“But they’ve taken the right communications steps and made tangible changes to the way they do things, they’re certainly trying to right the ship, and these types of solutions are all important ways to broaden their appeal.” Observability has elastic pricing, based on the type of service purchased and the size of the environment to be managed—application observability is priced per app instance, log observability is priced per GB per month, and so on. The product is available now. https://www.networkworld.com/article/3677492/solarwinds-observability-offers-visibility-into-hybrid-cloud-infrastructure.html