Hello and welcome to Runtime! Today: F5 CEO François Locoh-Donou on zombie APIs, the MOVEit vulnerability finds a ransomware gang alive and well, and the latest funding rounds raised by enterprise tech startups.
The hidden side of supply-chain security
The companies that built the first round of internet infrastructure didn't all make the transition to the cloud computing era. F5 did, and CEO François Locoh-Donou, now in his seventh year running the Seattle networking and security company, is steering it through yet another transition.
F5 began a pivot toward application software and security around the time he joined in 2017, after making a name for itself with networking hardware that was used widely inside the data centers of the dot-com bubble. Now its goal is to be an "infrastructure agnostic" provider of software that helps companies manage and protect applications spread across the cloud and on-premises systems.
In a recent interview with Runtime, Locoh-Donou discussed several topics.
On global tech spending:
FLD: We saw quite a sudden shift — I would say late in the fall — in the spending patterns of our customers, and then I would say it deteriorated and continued to get worse into the first calendar quarter of the year. Generally, it's deflated to what it was a year ago. We don't think it's getting worse. We don't think it's getting better yet.
Customers don't know what the next six months look like, so they've tightened their budgets. They don't want to make big spending commitments unless they absolutely have to.
On SBOMs (software bill of materials):
FLD: SBOMs are going to continue to drive more awareness at most large enterprises around what needs to be done. When you have applications that are using a lot of open-source code, for a long time I think a lot of companies did not know what went into their code and where it came from. Log4j was a huge wake-up call to a lot of people, and it's causing people to be more disciplined around managing their open-source code.
And applications now interact with a lot of third-party applications, so API security is a massive issue. A lot of people don't have the ability to discover shadow APIs and zombie APIs and third-party APIs. And so you will see more and more focus going to API security at F5.
On "zombie APIs":
FLD: APIs are an entry point for attackers to attack an application. They can pretend to be a legitimate API call and when they're not, they can detect vulnerabilities in APIs and exploit those vulnerabilities (and) they can inject malicious code through APIs. And the challenge for a lot of companies is they don't actually know how many APIs they have in their environment, either because developers have not updated all the libraries to say, "here's all the APIs we're dealing with," or because there are APIs that were legacy and not maintained — we call those zombie APIs, or shadow APIs — or because there are third-party APIs that you are not aware of.
Part of the domain of API security is first to be able to discover all the APIs you have, manage them, and make sure you have an inventory of all your APIs. Doing that requires strong application fluency. API attacks require strong Layer 7 understanding; the people who attack APIs have a strong understanding of application logic.
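The inventory step described in the interview can be sketched as a reconciliation between a documented API list and the endpoints actually seen in traffic. This is an added example, not code from F5 or Runtime; the inventory, log lines and paths are constructed, and the working definitions (shadow = served but not in the inventory, zombie = marked deprecated but still served) are assumptions made for the example.

```python
import re
from collections import Counter

# Constructed inventory: (method, path template) -> lifecycle status.
INVENTORY = {
    ("GET", "/v2/orders/{id}"): "active",
    ("POST", "/v2/orders"): "active",
    ("DELETE", "/v2/orders/{id}"): "active",
    ("GET", "/v1/orders/{id}"): "deprecated",
}

# Constructed access-log lines: method, path, response status.
LOG_LINES = [
    "GET /v2/orders/1001 200",
    "POST /v2/orders 201",
    "GET /v1/orders/77 200",
    "GET /v1/orders/78 200",
    "GET /internal/debug/dump 200",
    "GET /v2/orders/1002?expand=items 200",
    "GET /wp-login.php 404",
]

ID_SEGMENT = re.compile(r"^(\d+|[0-9a-fA-F]{8}-[0-9a-fA-F-]{27})$")

def normalize(path):
    """Drop the query string and replace numeric/UUID segments with {id}."""
    path = path.split("?", 1)[0]
    return "/".join("{id}" if ID_SEGMENT.match(s) else s for s in path.split("/"))

def reconcile(inventory, log_lines):
    """Return (shadow, zombie, unused) from an inventory and observed traffic."""
    seen = Counter()
    for line in log_lines:
        method, path, status = line.split()
        if status == "404":  # nothing is routed there; scanner noise, not an API
            continue
        seen[(method, normalize(path))] += 1
    shadow = {ep: n for ep, n in seen.items() if ep not in inventory}
    zombie = {ep: n for ep, n in seen.items() if inventory.get(ep) == "deprecated"}
    unused = [ep for ep in inventory if ep not in seen]
    return shadow, zombie, unused

if __name__ == "__main__":
    for label, result in zip(("shadow", "zombie", "unused"), reconcile(INVENTORY, LOG_LINES)):
        print(label, result)
```

Endpoints in the unused list are candidates for retirement before they turn into unmaintained legacy routes.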
Reports began to emerge late last week of a new ransomware attack exploiting a vulnerability in Progress Software's MOVEit file-transfer software. As victims began to come forward over the weekend, Microsoft attributed the attack to the Clop ransomware gang, which has been operating for several years but was thought to have been hobbled by a series of arrests two years ago.
Instabase raised $45 million at a $2 billion valuation to expand its arsenal of document-processing tools for vertical industries such as healthcare and financial services.
HR SaaS giant UKG acquired Immedis, a payroll management company based in Ireland, for "well over €500 million ($534M)," according to RTE.
GitLab beat Wall Street expectations and raised guidance for the year, throwing in an announcement for generative AI plans just to make the traders happy.
TechCrunch profiled Evroc, a new startup with a lofty mission to build "Europe’s first truly hyperscale cloud" and reduce the continent's reliance on American cloud providers.
Tom Krazit has covered the technology industry for over 20 years, focused on enterprise technology during the rise of cloud computing over the last ten years at Gigaom, Structure and Protocol.