AI is everywhere. It’s in our apps, it’s on our smartphones, it’s developing new strains of neural know-how within the confines of the cloud datacenter and it’s rolling out across the ‘edge’ compute estate of smart devices in the Internet of Things (IoT). Because Artificial Intelligence (AI) is so ubiquitous, it is also various, multifarious and occasionally precarious (when we fail to eradicate AI bias and explainability) in its nature. Today, the biggest driving force in AI comes from the fact that it is now capable of working in ways that deliver not just predictive intelligence, but also generative intelligence.

We’re talking about generative-AI of course.

While we see every enterprise technology vendor on the planet now work to deliver a degree of this new smartness in its platform, applications and tools, it is compelling to look into the mechanics and infrastructure behind its delivery. Why is this so? Because this is not just an oil change, this is an engine refit in many senses i.e. while an AI accelerator can be a simple turbo-charge for some applications, many deployments of this technology will require data workload management at the infrastructure level in order for the technology to work to its full potential - or in some cases to work at all.

AI infrastructure first, smart apps second

Having spent the majority of its 25-year history working to provide IT infrastructure choice across storage services, networking and application management & virtualization, as well as being a key player in the cloud infrastructure management space, VMware is now continuing its systems level development by working with Nvidia to deliver core services that underpin new AI deployments. VMware and Nvidia have expanded their existing partnership to help enterprises that run on VMware’s cloud infrastructure to be ready for the era of generative AI.

While we normally understand the term ‘foundation’ to refer to some type of institution, enterprise IT firms sometimes like to use it to denote a base-level framework competency (Microsoft did it with Windows Communication Foundation back in 2006). Using that same style of naming protocol, VMware Private AI Foundation with Nvidia is designed to enable enterprises to customize foundational models (a technology we have explained here) and run generative AI applications. This could be smart apps that might include chatbots, intelligent assistants, search and summarization services - the latter being a way of using AI to categorize and filter masses of information that might exist in emails, for example. In this case, we see a platform that will exist as an integrated product featuring generative AI software and accelerated computing from Nvidia, built on VMware Cloud Foundation and optimized for AI.

“Generative AI and multi-cloud are the perfect match,” said Raghu Raghuram, CEO, VMware. “Customer data is everywhere — in [company] datacenters, at the [IoT] edge and in their clouds. Together with Nvidia, we’ll empower enterprises to run their generative AI workloads adjacent to their data - with confidence - while addressing their corporate data privacy, security and control concerns.”

Aligning AI adjacency

That point noting ‘adjacency’ to data’ is important. Speaking to press and analysts on a video call this week, VMware’s Paul Turner, vice president of product management vSphere and cloud platform echoed Raghuram’s sentiment by explaining how and why this adjacency is a reality.

“One of the things we believe companies will do now is to bring more of their generative AI workloads to their data, versus moving their data into public cloud services,” said Turner. “These same company’s may run some form of generative AI services with cloud service providers [in more public arenas], but we believe quite a lot of companies and a lot of major enterprises will want to run these technologies in relatively small [more restricted] environments. That way they protect themselves and they protect their data, which is their key asset.”

Jensen Huang, founder and CEO of Nvidia backs up the central messages being delivered here and says that, in the ‘race’ to integrate generative AI into businesses, his firm’s expanded collaboration with VMware will offer organizations the full-stack software and computing they need to unlock the potential of generative AI using custom applications built with their own data. All well and good so far then, but we wanted to know more about how these new strains of generative AI will be adequately supported at the infrastructure level.

A difference in inference

We know that the true power of generative AI happens when it can apply the scope of Large Language Model (LLM) data assets and produce human-like levels of inference i.e. this is intelligence that creates contextualized 'things' that have been inferred from an understanding of the other information around them. Talking about this area and how his firm's Graphical Processing Units (GPUs) work to accelerate the speed at which this intelligence is delivered, Justin Boitano, vice president of enterprise computing at Nvidia explained that his firm's latest Bluefield 3 GPUs deliver 1.4 times extra performance for generative AI on the inference side, more in some cases too.

"As we all know now, corporate data is the new asset, so how you manage your data, how you optimize your data, how you take models like LLaMA and bring that model to colocate within your data in your datacenter, all matters a lot," said Boitano. "We're seeing great innovation in this space [with technologies like pre-training, fine-tuning and in-context learning] to optimize generative AI tuning so that it is relevant to each and every business and is able to create new business value offerings. We're seeing this insight in VMware where we're looking at auto encoders so that we can take our API's and our SDKs, then feed them through an automation mechanism driven by Nvidia - and we're able to actually generate pretty good code samples. It needs further work. Of course, you need to then work on optimizing the model, but the capability and the capacity is there," he noted, in the same call to press and analysts.

As we move ahead here then, what do VMware and Nvidia think the key enabling technologies and identifying functions will be? For certain, analyst house McKinsey estimates that generative AI could add up to US$4.4 trillion annually to the global economy. Looking again at the technologies on offer here, VMware Private AI Foundation with Nvidia is designed to enable organizations to customize essentially open data based Large Language Models; produce more secure and private models for internal usage; and offer generative AI as-a-Service to users.

All of which, on a paper and in practice, will lead to an ability to securely run ‘inference workloads’ (the computing guts that delivers new human-like AI) at major scale. The platform is expected to include integrated AI tools to deliver customers what VMware calls ‘proven models’ trained on their private data in a cost-efficient manner. Being finalized now and rolled out through 2024, the technology here is built on VMware Cloud Foundation and Nvidia AI Enterprise software.

According to the Nvidia team, “The platform will feature Nvidia NeMo, an end-to-end, cloud-native framework included in Nvidia AI Enterprise — the operating system of the Nvidia AI platform — that allows enterprises to build, customize and deploy generative AI models virtually anywhere. NeMo combines customization frameworks, guardrail toolkits, data curation tools and pretrained models to offer enterprises an easy, cost-effective and fast way to adopt generative AI.”

Why infrastructure is rising

This story circulates around the central ways that generative AI is being enabled at the infrastructure level. Because VMware is also delivering functions as automations and assistants for network engineers and developers (the company likes to define its audience into platform teams, networking teams and end user teams), via natural language, the use of these technologies can also arguably broaden.

It’s a wider democratization of technology trend that VMware chief technology officer (CTO) Kit Colbert has explained very clearly. “The line between applications and infrastructure has changed. Things that used to be considered infrastructure (Kubernetes for cloud container orchestration is a good example) have now become infrastructure. Why? Because of the inherent standardization that has happened to make technologies at this level usable and popular in the first place,” said Colbert. “So now, what we must realize is, the infrastructure line itself is always rising.”

We can dovetail these thoughts with other new products from VMware. The company has now introduced a suite of technologies across VMware Tanzu, its modular cloud-native application development, delivery and operations optimization and visibility platform. Because Tanzu is modular and is underpinned by a common data platform and control with support for open interfaces, it enables broad ecosystem integrations. This is multi-cloud management technology that works with VMware’s own Aria product, a multi-cloud management portfolio for managing the cost, performance, configuration and delivery of infrastructure and applications.

“Tanzu and Aria are now evolving into the next generation of Tanzu Application Platform and the new Tanzu Intelligence Services. With an application-centric focus and integration through common data and controls, VMware Tanzu is providing a streamlined platform engineering and cloud operations experience and better software agility,” said Purnima Padmanabhan, senior vice president and general manager, modern apps and management business group at VMware.

Padmanabhan explains that VMware is announcing Tanzu Application Platform to now combines new innovations for platform engineering and operations with the existing capabilities of Tanzu for Kubernetes operations to help companies deliverwhat she calls a ‘world-class’ internal platform.

“Managing applications across clouds is a web of data and technology complexity. Distributed silos of tools and data make it difficult to gain visibility into the dependencies between applications, infrastructure and services. Centralizing management of these disparate systems and enabling shared data helps eliminate silos. This empowers teams to respond more quickly to issues and to continuously tune applications and environments using deep and actionable insights,” notes Padmanabhan and team, in a technical statement.

What is VMware now?

All of which developments analyzed and offered here hopefully clarify some of how the backroom engines running the new breed of generative AI (and indeed, old fashioned predictive AI) will work.

Does that mean VMware is becoming a company that will start to now offer generative AI applications and services in a tangible sense?

No, says CEO Raghuram… and VMware probably wouldn’t ever want to anyway i.e. it wants to do what it has always done which is to provide a competent and all encompassing infrastructure offering that enables firms to always have choice across server, networks, applications, cloud and now Large Language Models in the world of generative AI. It’s a logical enough progression and there is a large product portfolio here ‘underpinning’ this technology proposition - pun not intended, but useful nonetheless - it all starts with infrastructure.

© 2023 Benzinga.com. Benzinga does not provide investment advice. All rights reserved.

The Microsoft Detection and Response Team (DART) has been renamed to Microsoft Incident Response (Microsoft IR). For more information on IR services, go to Microsoft Incident Response
I don’t know about you, but we’re still catching our breath after 2022. Microsoft Security blocked more than 70 billion email and identity threats last year.¹ In the same 12-month span, ransomware attacks impacted more than 200 large organizations in the United States alone, spanning government, education, and healthcare.² With statistics like those, providing a platform to share security insights and first-hand experience feels like a necessity.
With that goal in mind, Microsoft has launched a new kind of security webinar “for experts, by experts.” The new Security Experts Roundtable series will serve as an accessible video platform for cyber defenders to learn about some of the latest threats while gaining a big-picture view of the cybersecurity landscape. Our inaugural episode aired on January 25, 2023, with an expert panel consisting of:
This episode also features a special appearance by Rachel Chernaskey, Director of the Microsoft Digital Threat Analysis Center, who discusses cyber-enabled influence operations. I host a special remote interview with Mark Simos, Lead Cybersecurity Architect at Microsoft, on how to effectively communicate with your board of directors about cybersecurity. We also talk to Peter Anaman, Director and Principal Investigator at the Microsoft Digital Crimes Unit about tracking global cybercrime, and we have a special guest interview with Myrna Soto, Chief Executive Officer (CEO) and Founder of Apogee Executive Advisors, on the state of cybersecurity in the manufacturing sector.
Back in December 2020, Microsoft investigated a new nation-state attacker now known as Nobelium that became a global cybersecurity threat.³ The following year, the hacker gang Lapsus moved into the spotlight with large-scale social engineering and extortion campaigns directed against multiple organizations.⁴ Those threat groups are still active, but 2022 saw a slowing in their attacks. “We didn’t have too many high-profile mass-casualty events,” Ping points out. “But we did see a continuation of ransomware, identity compromises, and attacks centered on endpoints.”
The ransomware as a service (RaaS) ecosystem has continued to grow.⁵ Jeremy singles out DEV-0401, also known as Bronze Starlight or Emperor Dragon, as a China-based threat actor that’s “shifted their payloads to LockBit 2.0, developing their technology and emerging some of their tradecraft in order to evade detection and target our customers more prolifically.”⁶ Jeremy also calls out DEV-0846 as a provider of custom ransomware,⁷ as well as Russia’s Iridium as a source of ongoing attacks against transportation and logistics industries in Ukraine and Poland.⁸ He also cites Russia-based actor DEV-0586 as using ransomware as a ruse to target customers, then following up with destructive data “wiper” attacks.⁹
In his position as Director of Microsoft Defender Experts, Ryan brings a unique perspective on the changing threat landscape.¹⁰ “It’s been a proliferation of credential theft activity, largely stemming from adversary-in-the-middle attacks.” He points out that this kind of attack “underscores the importance of having a strategy for detection and hunting that’s beyond the endpoint; for example, in the email and identity space.”
“Identity compromises have been on the rise,” Ping concurs. “Attackers are just taking advantage of any vectors of entry that any customer has in their environment. So, it’s really important customers exercise good basic security hygiene.” She stresses that defenders should think of their environment as one organic whole, instead of separate parts. “If you have anything that touches the external world—domain controllers, email—those are all potential vectors of entry by attackers.” In short, protecting against the constantly evolving threats of today (and tomorrow) requires embracing a Zero Trust comprehensive approach to security.¹¹
Cyber-enabled influence operations don’t grab headlines the way ransomware attacks do, but their effects are more pernicious. In this kind of cybercrime, a nation-state or non-state actor seeks to shift public opinion or change behavior through subversive means online. In Jeremy’s talk with Rachel, she breaks down how these types of attacks unfold in three phases:
The most prolific influence actors are labeled advanced persistent manipulators (APMs). Rachel uses the analogy that “APMs are to the information space what APTs (advanced persistent threats) are to cyberspace.” APMs are usually nation-state actors, though not always. Increasingly, the Microsoft Digital Threat Analysis Center (DTAC) sees non-state or private-sector actors employing the same influence techniques. In this way, a threat actor that wages a successful cyberattack might repurpose that capability for subsequent influence operations.
Rachel explains how DTAC uses the “four M model:” message, messenger, medium, and method. The message is just the rhetoric or the content that an actor seeks to spread, which typically aligns with the nation-state’s geopolitical goals. The messengers include the influencers, correspondence, and propaganda outlets that amplify the message in the digital environment. The mediums are the platforms and technologies used to spread the message, with video typically being the most effective. And finally, the methods consist of anything from a hack-and-leak operation to using bots or computational propaganda, or real-world elements like party-to-party political engagement.
So why should private organizations be concerned with cyber-influence operations? “Influence operations inherently seek to sow distrust, and that creates challenges between businesses and users,” Rachel explains. “Increasingly, our team is looking at the nexus between cyberattacks and subsequent influence operations to understand the full picture and better combat these digital threats.”
The Microsoft Digital Crimes Unit (DCU) consists of a global cross-disciplinarian team of lawyers, investigators, data scientists, engineers, analysts, and business professionals.¹² The DCU is committed to fighting cybercrime globally through the application of technology, forensics, civil actions, criminal referrals, public and private partnerships, and the determined assistance of 8,500 Microsoft security researchers and security engineers. The DCU focuses on five key areas: Business Email Compromise (BEC), Ransomware, Malware, Tech Support Fraud, and Malicious Use of Microsoft Azure. According to Peter Anaman, Director and Principal Investigator at DCU, their investigations reveal that cybercriminals are moving away from a “spray-and-pray” approach toward the as a service model. Along with ransomware, cybercriminals are extending their retail services into new areas such as phishing as a service (PhaaS) and distributed denial of service (DDoS).
Threat actors have even created specialized tools to facilitate BEC, including phishing kits and lists of Checked email addresses targeting specific roles, such as C-suite leaders or accounts-payable employees. As part of the service, the seller will design the email template and even scrub the responses to make sure they’re valid. “All for a subscription model of, like, USD200 dollars a month,” Peter explains. DCU investigative evidence has observed a more than 70 percent increase in these services.¹ “We’re finding that there’s a higher number of people who are committing these crimes. They have greater know-how on different technologies and online platforms that could be used as part of the [attack] vector.”
Regardless of the type of cybercrime, DCU goes after threat actors by executing on three main strategies:
In addition to arrest and prosecution, DCU deters cybercrime by disrupting the technical infrastructure used by criminals, causing them to lose their investments. In 2022, DCU helped to take down more than 500,000 unique phishing URLs hosted outside Microsoft while disrupting cybercriminals’ technical infrastructure, such as virtual machines, email, homoglyph domain names, and public blockchain websites.
DCU also works with Microsoft DART to gather intelligence and share it with other security professionals. Some of those indicators—a URL, domain name, or phishing email—may help with future investigations. “That intelligence [we gather] feeds back into our machine learning models,” Peter explains. “If that phishing page or kit is used again there will be better measures to block it at the gate, so our monitoring systems become stronger over time.”
When asked what an organization can do to protect itself, Peter suggests sticking to three cybersecurity basics. First: “Use multifactor authentication,” he stresses. “Ninety percent of [attacks] could have been stopped just by having multifactor authentication.” Second: “Practice [cyber] hygiene. Don’t just click links because you think it comes from a friend.” Cyber hygiene includes installing all software patches and system upgrades as soon as they become available. And third: “You’re really looking at the Zero Trust model,” Peter says. “Enforce least privilege [access]” so people only have access to the information they need. Bonus tip: “Make sure you have the same level of security on your personal email as you do on your work [email].”
In this segment, I have a chance to speak with one of my favorite folks at Microsoft. Mark Simos is Lead Cybersecurity Architect, Microsoft, (and PowerPoint super genius) with more than two decades of experience, so he knows something about dealing with a board of directors. Whether you work for a public or private company, the board is responsible for oversight. That means making sure that the leadership team is not only managing the business but also managing risks. And cybercrime is one of the biggest risks today’s organization contends with.
But for the board to understand the organization’s security positioning, they need to grasp how it relates to the business. Unlike dealing with finances, legal issues, or people management, cybersecurity is a new area for a lot of board members. According to Mark, a big part of winning them over is “making sure that the board members understand that cybersecurity is not just a technical problem to be solved, check, and move on. It’s an ongoing risk.”
In our talk, Mark lays out three basic things the board needs to know:
Bonus tips:
Mark provides a wealth of free resources you can access anytime on Mark’s List.¹³ Also, there’s a chief information security officer (CISO) workshop available as public videos and as a live workshop from Microsoft Unified (formerly Premier Support). The workshop provides plenty of material to help accelerate a productive relationship with your board, including:
Often board members don’t consider that security decisions can be made by asset owners, not just security teams. Mark suggests stressing the holistic aspect of cybersecurity as a differentiator from typical business unit concerns. “With security, it doesn’t matter where the leak is on the boat; it’s still going to sink,” he says. “So, it’s really important for folks to work together as a team and recognize that ‘I’m not just accepting the risk for me; I’m accepting it for everyone.’”
For the last segment of the webinar, we invited an expert to weigh in on one of the most-attacked industry segments across the globe—manufacturing. Myrna Soto is the CEO and founder of Apogee Executive Advisors, and a board member of prominent companies such as Headspace Health, CMS Energy, Banco Popular, Spirit Airlines, and many more. Cybersecurity in the manufacturing sector carries added urgency because many of these entities are part of the nation’s critical infrastructure—whether it’s manufacturing pharmaceuticals, supporting transportation, or feeding the power grid.
The smart factory has introduced more automation into the manufacturing ecosystem, creating new vulnerabilities. “One of the biggest challenges is the number of third-party connections,” Myrna explains. “It relates to how entities are interacting with one another; how certain companies have either air-gapped their Internet of Things (IoT) networks or not.” Myrna points out that the supply chain is never holistically managed by one entity, which means those third-party interactions are critical. She mentions the ability to encrypt certain data in machine-to-machine communications as a crucial part of securing an interconnected manufacturing ecosystem. “The ability to understand where assets are across the ecosystem is one of the key components that need attention,” she points out.
With the prospect of intellectual property loss, disruption to critical infrastructure, along with health and safety risks, Myra sees manufacturing as one area where security teams and board members need to work together with urgency. I asked her to offer some insights gleaned from time spent on the other side of the table—particularly what not to do. “Probably the most annoying thing is the tendency to provide us a deluge of data without the appropriate business context,” she relates. “I’ve seen my share of charts around malware detections, charts on network penetrations. That is difficult for most non-technical board members to understand.”
Be sure to watch the full Security Experts Roundtable episode. We’ll be doing one of these every other month until they kick us off the stage, so remember to sign up for our May episode. Before we wrap up for today, I’d like to invite you to join us on March 28, 2023, for a brand-new event: Microsoft Secure. This event will bring together a community of defenders, innovators, and security experts in a setting where we can share insights, ideas, and real-world skills to help create a safer world for all. Register today, and I’ll see you there!
For more cybersecurity insights and the latest on threat intelligence, visit Microsoft Security Insider.
To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and Twitter (@MSFTSecurity) for the latest news and updates on cybersecurity.
¹Microsoft Digital Defense Report 2022, Microsoft. 2022.
²Based on internal research conducted by Microsoft Digital Crimes Unit, January 2023.
³The hunt for NOBELIUM, the most sophisticated nation-state attack in history, John Lambert. November 10, 2021.
⁴DEV-0537 criminal actor targeting organizations for data exfiltration and destruction, Microsoft Threat Intelligence Center. March 22, 2022.
⁵Ransomware as a service: Understanding the cybercrime gig economy and how to protect yourself, Microsoft Defender Threat Intelligence. May 9, 2022.
⁶Part 1: LockBit 2.0 ransomware bugs and database recovery attempts, Danielle Veluz. March 11, 2022.
⁷Monthly news—January 2023, Heike Ritter. January 11, 2023.
⁸New “Prestige” ransomware impacts organizations in Ukraine and Poland, Microsoft Security Threat Intelligence. October 14, 2022.
⁹Destructive malware targeting Ukrainian organizations, Microsoft Threat Intelligence Center. January 15, 2022.
¹⁰Microsoft Defender Experts for Hunting proactively hunts threats, Microsoft Security Experts. August 3, 2022.
¹¹Implementing a Zero Trust security model at Microsoft, Inside Track staff. January 10, 2023.
¹²Digital Crimes Unit: Leading the fight against cybercrime, Microsoft. May 3, 2022.
¹³Mark’s List, Mark Simos.
Microsoft Threat Intelligence has identified highly targeted social engineering attacks using credential theft phishing lures sent as Microsoft Teams chats by the threat actor that Microsoft tracks as Midnight Blizzard (previously tracked as NOBELIUM).
In a latest investigation by Microsoft Incident Response of a BlackByte 2.0 ransomware attack, we found that the threat actor progressed through the full attack chain, from initial access to impact, in less than five days, causing significant business disruption for the victim organization.
Microsoft detected a unique operation where threat actors carried out destructive actions in both on-premises and cloud environments.
This guide provides steps organizations can take to assess whether users have been targeted or compromised by threat actors exploiting CVE-2023-23397.
Microsoft is a leader in cybersecurity, and we embrace our responsibility to make the world a safer place.

source

Microsoft today reported the appointment of Puneet Chandok as the Corporate Vice President of Microsoft India and South Asia effective from 1 September 2023.

The Company said Chandok will assume the operational responsibilities from Anant Maheshwari.

Chandok’s appointment comes at a time of continued market expansion for Microsoft as a leader in cloud technology and digital innovation.

Supported by a strong leadership team, Puneet will oversee the integration of Microsoft's businesses across South Asia, including Bangladesh, Bhutan, Maldives, Nepal, and Sri Lanka, further boosting the company's presence in the region, while deepening its focus on key industries through a customer-centric approach with generative AI at its core.

Commenting on the appointment, Ahmed Mazhari, President of Microsoft Asia said, “We are delighted to announce that Puneet will be joining Microsoft India”.

He emphasised Chandok has a strong track record of building and growing technology businesses and leveraging technology to deliver impact and change. As we embrace an AI-led future, Puneet's leadership will play a vital role in ensuring Microsoft’s ongoing success in South Asia, and I extend my thanks to Anant Maheshwari for setting us on a growth path.

Puneet Chandok said, "I am inspired by Microsoft’s mission to empower every person and every organisation on the planet to achieve more. As India expands its own digital public infrastructure, I believe that this mission is more relevant here than ever before and I am thrilled to be joining the One Microsoft team to make this mission a reality.”

Brooke Taylor

15 August 2023 Consultancy.uk 3 min. read