Sunday, June 30, 2019

AWS brings native network traffic mirroring to EC2 instances

Amazon Web Services on Tuesday announced a new networking security feature that lets customers natively mirror network traffic from an EC2 instance. The new VPC Traffic Mirroring feature enables customers to mirror EC2 instance traffic within their Amazon Virtual Private Cloud (VPC) and forward that traffic to security and monitoring tools, making it easier to conduct content inspection, threat monitoring or troubleshooting.

"Running a perplexing system isn't a simple employment," Jeff Barr, chief evangelist for AWS, wrote in a blog post. "Notwithstanding basically keeping it fully operational, you have to keep an ever-careful gaze out for uncommon traffic examples or substance that could imply a system interruption, a traded off case, or some other irregularity."

Previously, customers had to install and manage third-party agents on EC2 instances to capture and mirror traffic.

The security and monitoring tools that integrate with VPC Traffic Mirroring are available on AWS Marketplace. Several AWS partners, including JASK, NetScout and Palo Alto Networks, announced on Tuesday solutions that integrate with VPC Traffic Mirroring.

Customers can deploy them on an individual EC2 instance or a fleet of instances. They can also filter the traffic that is mirrored, to limit monitoring to the traffic they're interested in.

VPC Traffic Mirroring is now available in all commercial AWS Regions except Asia Pacific (Sydney), China (Beijing), and China (Ningxia). Support for those regions will be added soon.

The new feature was one of several networking and cloud security announcements made this week at AWS's new re:Inforce security conference.

AWS is also introducing a new APN Security Navigate track for AWS Partner Network (APN) companies. The track will offer guidance to APN partners that want to build expertise in cloud security on AWS.

One APN partner, Symantec, announced on Tuesday a new integration between its Cloud Workload Protection (CWP) product and Amazon's GuardDuty. The new service provides automated threat detection and remediation, as well as detection of infrastructure misconfigurations, for AWS workloads and storage. It also delivers an automatic security mode, which invokes cloud APIs for automated response to policy violations.

AWS this week also announced the general availability of Security Hub, a service that gives customers a comprehensive view of their compliance with security standards and their high-priority AWS security alerts. Announced at last year's re:Invent conference, the service brings together findings from AWS services like GuardDuty, Amazon Inspector and Amazon Macie, consolidating them in a single dashboard.

Sunday, June 23, 2019

DoD's JEDI saga continues with government, AWS returning fire in latest protest filing

The government and Amazon Web Services both laid out detailed arguments this week for why a federal court should reject a bid protest by Oracle America against the Defense Department's multibillion-dollar JEDI cloud contract.

The filings represent one of the last opportunities to defend the cloud procurement before the Court of Federal Claims issues an expected ruling in mid-July. In them, Justice Department and AWS attorneys argue that Oracle's multifaceted challenge is without merit, and that DoD should be able to proceed with its planned award to either AWS or Microsoft in July.

Many of the arguments attempt to dismantle Oracle's claims that the JEDI contract was fatally flawed because of conflicts of interest involving three separate DoD employees with ties to Amazon. Oracle has argued that at least two of those employees, Deap Ubhi and Victor Gavin, had job offers from AWS in hand at the time they were involved with or influencing the planning process for JEDI.

However, government and AWS attorneys said those concerns had already been investigated and addressed by the JEDI contracting officer, Chandra Brooks.

In Ubhi's case, the filings acknowledge that Ubhi committed ethics violations by talking with AWS about future business while he was still working for the Defense Digital Service and involved with JEDI, and that he tried to "cover" those violations.

"In light of an intensive examination, be that as it may, the contracting officer likewise decided Mr. Ubhi did not present inclination for AWS during the obtainment, and, regardless of whether he did, Mr. Ubhi's predisposition has no effect on the obtainment," DOJ attorneys wrote.

AWS also spent considerable time in its filing pushing back against Oracle's claims about the roles of Ubhi, Gavin (whose name continues to be redacted in the filings) and Anthony DeMartino in the procurement.

"DoD completely explored the constrained inclusion of previous government authorities Deap Ubhi, [Victor Gavin] and Anthony DeMartino in the acquirement, and normally verified that they couldn't have contrarily affected JEDI and did not adversely affect JEDI. Oracle can't help contradicting those conclusions, however it does as such by overlooking controlling legitimate point of reference and misreading the truthful record," AWS states. "Concerning. Ubhi, for instance, Oracle proceeds to terribly overstate his job, mistakenly alluding to him as the JEDI 'lead PM' and 'one of four DDS work force driving JEDI.' in all actuality, Mr. Ubhi's job was constrained to primer statistical surveying."

AWS says Ubhi recused himself from JEDI in October 2017, which was:

Before the Joint Requirements Oversight Council identified the initial requirements in December 2017;

Before DoD published draft solicitations in March, April and May of 2018;

Before DoD submitted the RFP package for a detailed peer review in April 2018;

Before DoD finalized the acquisition strategy and Solicitation in July 2018; and

Before the contracting officer, under secretary, and Defense Digital Service Deputy Director approved the single-award and gate criteria determinations in July 2018.

"Mr. Ubhi was not in any case working at DoD during these basic timespans. In this way, Oracle's declaration that Mr. Ubhi by one way or another impacted every choice isn't just unreasonable however an in an exposed fashion self-serving endeavor to condemn the trustworthiness of the whole Department of Defense," AWS states.

Violations may have occurred

The government acknowledged that Ubhi had been a strong advocate for the single-award strategy DoD eventually settled on, but said he had left the agency well before an official decision was made on the issue. In addition, the filings assert that even though he may have had access to internal information on the department's acquisition process, he never shared that information with AWS.

Likewise, the filings acknowledge that a second official, Gavin, may have violated the Procurement Integrity Act by attending at least one JEDI acquisition strategy meeting after he'd been offered a job by AWS. But they say Brooks was well within her discretion to decide that the potential violation still didn't affect the procurement, partly because she was satisfied that he never gave any sensitive procurement information to Amazon.

At the meeting, which Brooks also attended, Gavin "did not demonstrate any inclination toward a specific merchant," attorneys wrote. "[He] contended ineffectively for a numerous honor approach, yet did not give any recommended alters to the draft securing system. The contracting officer presumed that he ought not have taken an interest in this gathering, as he had recently acknowledged an offer of employment from AWS. By the by, in light of her own insight into the gathering, she sensibly discovered that contention has no effect on the JEDI securing choices and reports."

Oracle has also argued the Pentagon's decision to structure JEDI as a single-award contract was illegal, since federal procurement laws generally require agencies to make indefinite-delivery/indefinite-quantity awards to multiple vendors "to the most extreme degree practicable."

But there, too, the new filings say the court should defer to the contracting officer's judgment, particularly for a procurement that affects national defense. They argue that not only was DoD allowed to issue JEDI as a single-award contract, but that under the circumstances, it was required to.

"A similar resolution that requires guidelines setting up an 'inclination' for numerous honors additionally requires guidelines that 'build up criteria for deciding when grant of various undertaking or conveyance request contracts would not be to the greatest advantage of the government,'" attorneys wrote.

They added that Brooks identified at least three reasons a multiple-award ID/IQ wouldn't be appropriate: DoD would get better pricing with a single award, the cost of administering multiple awards would outweigh the benefits, and a general conclusion that multiple awards would not be in DoD's best interest. The part of the Federal Acquisition Regulation she relied on required her to look at those criteria and avoid a single-award contract if any of them came into play, they said.

"Deciding if these three circumstances apply requires the contracting officer to practice her business judgment and watchfulness. Insofar as the contracting officer objectively verified that one of these circumstances exists, it can't be considered 'practicable' to utilize a different honor approach for the JEDI obtainment."

Oracle is 'not in a similar class'

In April, DoD narrowed the field of potential competitors for JEDI, eliminating Oracle and IBM from the "competitive range" and keeping only AWS and Microsoft in the competition. It did so on the basis of "gate criteria" the agency laid out in its initial request for proposals.

One such "gate" specified the amount of capacity and bandwidth each cloud competitor needed to have been providing to commercial customers as of January and February 2018, so the agency could be sure that JEDI would not make up the majority of the winner's cloud business. Another required vendors to have their data centers certified by the government's FedRAMP program even before bids were due.

Oracle claims the gates were illegal and irrational. For example, it says that if the size of its commercial customer base had been measured just one month later, in March rather than February, it would have cleared the first gate.

The first gate outlined DoD's minimum requirements for cloud services focused on hosting applications and data critical to its mission.

However, the government asserts Oracle's service offerings were clearly not up to DoD's needs, and there was no reason to consider the rest of its proposal after it failed to clear the gates.

"Oracle's chances of being granted the JEDI contract are thin, regardless of whether the door criteria it difficulties were evacuated. As opposed to the proposal in its supplemental brief, Oracle isn't in a similar class as Microsoft and AWS with regards to giving business IaaS and PaaS cloud benefits on an expansive scale."

AWS also spent considerable time in its filing addressing the gate criteria and why Oracle's arguments against DoD's decisions don't hold water.

AWS states, DoD's "investigations were exhaustive and well-contemplated, and Oracle's contentions unexpectedly present simply insignificant contradiction established on rehashed misquotes of certainty and law and a principal refusal to connect with DoD's reported discoveries on national security and mission-basic prerequisites."

Amazon Web Services also asks the judge several times in its filing to rule against Oracle on the grounds that the company isn't eligible because it failed the first gate criteria.

"Oracle disregards its substantial weight and the essential predicates for its different claims. However, when appropriately comprehended, Oracle's contentions are just a place of cards prepared to topple," AWS states. "The first — in fact, the main issue this court must choose is whether Oracle meets DoD's base needs, as communicated in Gate Criteria I. I. On the off chance that Oracle does not, at that point it can't be biased by, and needs remaining to raise, any of its residual difficulties."

Sunday, June 16, 2019

Why cloud is the best defense against AWS

Amazon CTO Werner Vogels once famously said the company is "in the business of pain management for enterprises." That broad mission has given AWS ample excuse to tackle everything from data warehousing to storage to email services. In the process, it has also given plenty of startups angst over how to compete.

Intriguingly, some of the companies most threatened by AWS's cloud services have found the key to competing and, yes, beating AWS: They're fighting cloud with cloud.

It's not about a license

It's become fashionable for open source companies to introduce proprietary licenses as a way to ward off AWS. Most recently, CockroachDB introduced a new license that keeps its code open to everyone except those that want to "offer a commercial version of CockroachDB as a service without buying a license."

Or, as CockroachDB co-founder Spencer Kimball put it, "We're basically putting a kind of patent protection against Amazon-like behavior." They're also making their code expressly not open source. Hurray for progress!

To this defensive posturing, VM (Vicky) Brasseur offers a sharp response: "These projects are not being relicensed to protect them from Amazon. Claiming that they are is at best naive and at worst wilfully lying. These companies are relicensing projects to cover for the fact that they are ignorant of how to run a successful business."

And yet a few, like MongoDB and Elastic, absolutely do know how to run a successful business. Both companies keep seeing their stocks soar with positive earnings. What's their secret?

It's called cloud.

Fight cloud with cloud

Asked about the difficulty of fighting AWS, MongoDB CEO Dev Ittycheria was sanguine:

    We see no impact.... In fact, I think it's frankly raised MongoDB's awareness…. We feel very confident about our ability to go head-to-head with any other alternative out there. And so, we think that [AWS' introduction of a MongoDB-compatible DocumentDB service] actually has been great for awareness and great for customer education and we see no impact on a negative basis whatsoever.

How's that? "No impact on a negative basis whatsoever"? It helps that for the last few quarters the percentage of MongoDB's cloud revenue keeps climbing, and most recently saw revenue growth of its Atlas cloud service top 340%. From 0% cloud revenue to 35% today, MongoDB has established the game plan for taking care of customers while holding off would-be competitors. As mentioned in MongoDB's latest earnings call, the company now releases new functionality first on Atlas and later to the on-premises product.

MongoDB, in short, is becoming cloud-first.

Or take Elastic, a company facing even more direct competition from AWS. AWS, long criticized for not being friendly to open source, actually has sought to out-open the open source Elastic by releasing the Open Distro for Elasticsearch to combat what it perceived as "significant intermingling of proprietary code into the [open source Elasticsearch] code base."

Elastic isn't quite as far along in its cloud journey as MongoDB, with 16.5% of its revenue derived from its cloud business. That percentage, however, roughly corresponds to where MongoDB was just a year ago in its own cloud business. While Elastic CFO Jansen Moorjani was quick to declare Elastic "agnostic to customer preferences on how to purchase our subscriptions" on the company's most recent earnings call, he also acknowledged the cloud business is expected to keep expanding as a percentage of revenue.

And why? Well, partly because it makes good business sense, but that "business sense" has much more to do with what customers want to buy than it does with any anti-AWS pressure. If AWS is a threat, it's simply because AWS knows how to deliver software services better than the companies hoping to profit from "their" open source software. Companies like MongoDB and Elastic have recognized that cloud is an opportunity to better serve customers. That superior customer experience is what is protecting them from AWS, and not some new license gymnastics routine.