Episode Transcript
[00:00:02] Speaker A: Hello, everyone, and welcome to another episode of global tech tv podcast. This episode was recorded at the end of July 24. And as we did the last month, we are recording with Segal and Raz the news of the last month, July.
And please, Raz, feel free to start right now.
[00:00:24] Speaker B: Thank you. So happy to be here again. And believe it or not, this month I could have taken at least an hour, maybe more, just about so many cyber stories. But I tried to choose, like, the ones that I like the most and also the ones that I think they are worth time to spend and double click on them and.
[00:00:51] Speaker A: But, Raz, before we start, what do you really like? Please tell me.
[00:00:57] Speaker B: I like you.
[00:01:00] Speaker A: The news that were exploding, doing bombs, et cetera, or the technical parts.
[00:01:07] Speaker B: I like the technical parts.
And I like also the impact, how it's going to impact, because sometimes there is an incident or a malware that is super sophisticated, but it's a niche. Only few companies, only one maybe individual. You look at the code and you say, wow, amazing. Brilliant. But the impact, very small, very narrow. But sometimes you don't have like a sophisticated attack or incident.
And the impact is so wide that it's blowing my mind.
[00:01:49] Speaker A: Okay. Okay. So now we are entering to your head. It's good. Okay.
[00:01:55] Speaker B: You want to be a doctor?
[00:01:58] Speaker A: I miss it in my career. That's it.
[00:02:01] Speaker B: Okay. Just checking. Just checking.
Let's take segue to the biggest incident in the history of IT and cybersecurity.
The CrowdStrike incident. And some people in 2000, I don't know where you were, but I was like, waiting as a teenager for Bug 2000. What's gonna happen with the clock? What's gonna happen with the synchronization? The world is gonna stop. It was the first early days of the Internet.
Guess what? Nothing happened.
[00:02:44] Speaker C: It was the biggest wait for the entire century. Biggest one.
People were waiting for weeks for something for the doomsday to happen.
Eventually, nothing major really happened.
[00:03:00] Speaker B: I honestly, I was awake the entire night on that day, entire night waiting for something to happen.
But on July 19, I didn't wait for anything to happen.
2024, the news start to pop in. Ongoing notifications. Friends, other friends groups, WhatsApp groups, blogs, Twitter, you name it.
CrowdStrike had the biggest. As for now, maybe tomorrow it's going to be different. Yeah. We're never going to know what's going to happen tomorrow. As for now, it's the biggest. And this is something I adapt for listening and reading lots of articles. This is the biggest IT incident. Okay. Some people are getting confused. This is an IT incident in the history. And why is that? Because the impact as far as we know, based on yesterday, yeah, 8.5 million endpoints were infected.
Hospitals, hotels, airlines, banks actually they were.
[00:04:19] Speaker C: Not infected but impacted. Meaning. Yeah, for me it's resilience.
[00:04:27] Speaker B: Yeah, it's got inspected by a rogue. I even gonna take this aspect, a rogue update.
Don't be, don't have any mistake. This is a human error.
It wasn't computer error, it was a human error. And we're gonna touch it in a second. But before going into the details, I want to take you into the road of. And I like history. I think I said it just before this episode, I don't know if you remember BSOD, blue screen of death. We kind of used to that, you know, in Windows 3.11, Windows 95 was we got the blue screen. Okay. We just reboot. That was something that we used to do all the time. We forgot that this one is actually exist and it can happen. Yeah. Unfortunately, CrowdStrike and Microsoft together remind us that the infrastructure for Microsoft is still very close to the kernel, meaning that any vendor that want to have kind of capability to collect data to change something in the kernel it's open. And the kernel for the audience that doesn't aware, what does it mean? It's the core, it's how it's functioning.
It's the brain, it's not the heart, it's the brain of the operating system. So based on Microsoft, they reported only, and I'll say only because. To be continued. 8.5 million endpoints been affected by this error. Hospitals, hotels, airlines, airports, banks. Imagine that people weren't able to withdraw cash in ATMs. So let's take for a second, Ariel. You wake up in the morning, you go into the ATM because you want to have a few bucks or cash, you know, to take your coffee in the morning, but you cannot take your coffee. So you're super disappointed. So you walk in the street and you go, I don't know if you like it or not, but Starbucks, yes, some people like Starbucks.
[00:06:48] Speaker A: Yeah.
[00:06:48] Speaker B: And you're smelling the coffee, you're going to Starbucks and the computer in Starbucks doesn't work, you don't have money, they cannot sell coffee. So what they decided to do, which is genius, okay. They start to give free coffees. On that morning, hundreds of thousands of free coffees have been delivered in, in America. And not just Starbucks. Also one of my favorite donuts, Krispy Kreme. I don't know if you're aware of them. They did the same. They prepared a thousand that were ready to deliver the donuts the morning, but the point of sale didn't work, so they start to give away for free donuts. Imagine the chaos. And I'm not talking even about the airline tickets, the boarding tickets that were written with a pen, manually.
Not just in India, also in JFK. And I have a friend that saw it on his eyes. He was supposed to get to a conference in San Diego, but he was stuck in New York for two days. Wow.
Yeah.
So just understand the chaos. One thing that I pick up, which I like, you know, when there is a disruption moment, and I will. This is why it's blowing my mind. Yeah. We spoke about the wide impact. Yeah.
On that. On the day after. On the same day. I don't know, Eyal, if you're aware of the Decathlon, I know that Ariel now is, like, one of the members over there. Yeah, yeah. But Decathlon, you know, the logo is blue. So what they did on that day, they just published right away a commercial, say, on their blue, you know, background, say, if you can do anything, go do sports. Genius.
[00:08:47] Speaker C: Amazing marketing.
[00:08:48] Speaker A: Yeah.
[00:08:49] Speaker B: Amazing. Yeah.
And there are some people that always like to take advantage when there is a crisis.
I don't have anything against Elon Musk, but this guy immediately say in Twitter or in X, sorry, former Twitter, that he's gonna remove all CrowdStrike software from all his companies, including Tesla, including SpaceX, including X.
He said, never again.
Overreacting. Not overreacting. Your call.
So this is just a bit of non technical, because you asked me, is it a technical thing or the impact. So it was a good prep for my answer.
[00:09:39] Speaker C: I would say there are two additional impacts. One of them, there are CISOs around the globe who says, you know what? I don't trust my EDR vendor. Or maybe I need stability better than security, and they just either disabled antivirus or maybe remove it or maybe even consider moving to a different vendor just out of those 48 hours.
And another thing that happens during those. This specific weekend, many hackers began publishing phishing campaigns. They purchased domain names with real application or fake application, you could say.
So to lure people to come into their site, steal their money, because they said, listen, there's a huge outage. You need a replacement. So this is another thing that people took advantage of, this huge outage.
[00:10:37] Speaker B: Yeah. You know, what's. You know, what's the difference between good spoiler and amazing spoiler?
[00:10:46] Speaker A: I think that is related to Eyal, but I don't know.
[00:10:50] Speaker B: The difference is with amazing spoiler, you have a good movie afterwards so we can speak about it very soon. Thank you for bringing it up. And I'm gonna double click on specific story about these phishing campaigns, but stay tuned. Okay. We're gonna get there.
[00:11:07] Speaker C: Okay.
[00:11:09] Speaker B: But good point. It's happened immediately for the attackers. So when you asked Microsoft or you wanted to understand, you know, for them, let's say for the normal people or the people that didn't have time or maybe they were on an island. Yeah, still, they're gonna listen to us and they say, I didn't have a chance to understand, you know, what was it? So let me clarify a bit. What was the incident? So it's a content configuration update. What is the content? It's kind of add on or enhancement to collect telemetries from the computer. This is what the Falcon sensor, CrowdStrike, this is what they specialize. They're collecting data in order to have and understanding better on the threats. So content configuration update impacting the Falcon sensor and the Windows operating system. Causes BSOD, blue screen of death.
When it happened, July 19, 2024, CrowdStrike released a rapid response content update to gather additional telemetry. This is what I mentioned before.
Why? To capture new adversary technique to identify new threat for intelligence for CrowdStrike teams. What was the problem? The problem is that it was caused by a faulty update. And I'm going to go a bit technical over here. There is a file that's called 291. This configuration file is kind of a protocol. This file is enable other files to speak with each other. Yeah, like TCP/IP provide us the capability to speak with other websites. So this type of a file system, it's kind of a protocol that creates what we call a named pipe. And this pipe is used to speak with Windows system files.
So there is no doubt that this update kind of detect.
Sorry, this update created a wrong problem. Can be caused by logistic error, logical error, or any other error inside the code. Maybe a wrong loop. Yeah. CrowdStrike, by the way, didn't share exactly what happened in the code. Maybe it's stuck somewhere and that because this file system is part of the kernel, it's caused the damage of blue screen of death, which is the blue screen saying hey, if you want to release this situation, you need to come back from a restart or safe mode or bootload. And by the way, referring back to Eyal when you said CISOs decided to remove CrowdStrike, but before that they had to do recovery for their computer.
Another thing that I want to say that, and this has led me to, in most cases, this fix had to replace to build manually, meaning that, remember USB sticks, do you still use them?
[00:14:44] Speaker C: Not that often, but I know that a couple of days later, after the incident, Microsoft released a fix. It was based on a USB storage device, which is like nice as a temporary solution.
Just the fact that most corporation worldwide, they harden their machines, their laptops, their desktop, whatever it is, so that even if they physically have a USB storage device, it's inaccessible. It's been blocked, so like half a walk.
[00:15:20] Speaker B: And this is and why it's been blocked for security reasons. So it's egg and the chicken. So now I have an IT incident. I want to recover with a USB device that can be connected to the USB drive, but it's actually blocked. I heard a joke that lots of companies like old fashioned, I'm not saying like I don't want to name them, but instead of blocking it in, the software used chewing gums, you know, and they stuck it inside the superglue.
[00:15:55] Speaker C: Yeah, I heard in military companies. Yes.
[00:16:00] Speaker B: I didn't say that. You said it. Yeah, I didn't want to put the army in, you know, in different forms. So just as in some of them, like very small cases, there was kind of ability to, to fix it remotely. After going to have the episode, I'm going to share all the links where you can have the directions how to fix it, how it look like, if you want to read more, to understand better. So all the links is going to be there? Yeah, already shared. And all this information comes from CrowdStrike website as of today. I just went into the website. Before we start the recording, CrowdStrike announced that 99% of the endpoint had been recovered.
That's what they announced in their official website.
And something that I felt like a bit funny to read it. And they said what we are committed to do is how do we prevent this from happening again? And when you go over the steps, some of them are, we need to do better local development testing, stress testing, stability testing, content interface, additional checks enhance existing error handling in the content interpreter.
And for me, I don't know, how does it make you feel when you read it?
[00:17:37] Speaker C: So from my personal perspective, I would say go back to engineering fundamentals, because everything they said, they're absolutely right. But it's not something new. It's like the fundamentals of engineering. When you develop something, you test it. You don't test in production on day one. You take like, you do gradual upgrades, you take like small group of machines, and you do some tests, make sure everything is okay. You move on to the next one. To the next one. You document what was the last change. You're making a rollback plan, assuming it's possible. In their specific case, it may be problematic because of the way that CrowdStrike is loaded as one of the earlier drivers, even before the network driver. So it's kind of a problematic that once you're in the issue.
I'm not sure that even a restart will actually assist you, but this is a specific case. Again, engineering fundamentals, you need to do test all over again before you release something to that amount of customers worldwide.
[00:18:53] Speaker B: And I would add on top of that, which is something that I didn't see over there, it's also very fundamental. It's the deployment scope.
You cannot publish it to the entire world without stopping it and have kind of a designated location. When you do your smoke test, when you stop your deployment, you cannot do a massive deployment for everyone. And now you have the entire world struggling, even it would happen only let's say Chicago, Illinois. Yeah. Randomly, I'm saying that, yeah. Okay, so it's going to be massive over there, but it's not responsible.
And I don't know how they got older and. Sorry, George Kurtz, that the CEO, I don't know how you got all your ISO 27001, your SOC 2 compliance, all your certificate. This is like a basic questions and evidence that I asking to do or you didn't follow.
That's it.
One last thing before we going to go to the in two lines from now to the phishing campaigns, I have another update that came from Microsoft, which I think that we point our finger to Crowdstrike. But Microsoft, I think they are the ones that need to take responsibility over here. None of the executives over here said, hey, sorry, we take the responsibility.
And because our whole system developed 25 years ago and we don't know exactly how, it's looked like we're going to change it in the future.
However, I saw one update today that Microsoft first time admit that the incident that Microsoft, that the incident that CrowdStrike had, this is what they say. They still think it's bigger than what they thought. So maybe it's bigger than 8.5 million endpoints. And one of their VPs said that they are counting still the numbers, and they said that maybe 8.5 million is a subset of the number impacted on his blog posts. So we don't know exactly how it's going to look like in the end, but he said that included the promise that the company, aka Microsoft, is willing to reduce the vendor reliance on the kernel drivers following this incident. So what do you plan to do?
Change the kernel. What does it mean? Promise to. Sounds like so fluffy. Sorry.
And this, this was reported by Dark Reading, so thank you for providing me this information. Ariel, you want to add something?
[00:22:03] Speaker A: No, I'm thinking about the numbers. The impact is.
I don't know. I am thinking about what will happen next. Like you say, maybe next time will be 100 million, maybe. I don't know.
[00:22:17] Speaker B: The problem is that when the beginning, Microsoft said it's only 8.5 million. But including this, 8.5 million is the most important computers around our globe. Yeah, it's not my, my uncle, you know, my retired uncle. Computer that usually reading, you know, financial times.
It's a computer that running the operation for Delta Airlines.
Yeah.
So, yeah. Anyway, I think they do it from legal aspects of. Yeah. From liability and not for other reasons.
They don't want to open their exposure to lawsuits. And they are measuring each word they are saying.
This is the case. This is what I'm thinking. Because in the bottom of their heart, I'm sure they want to go to the public and say, sorry, our file system, and I'm talking about Microsoft, our file system is so old, it's so tough to fix it. They don't want to say it. It's going to open too many rabbit holes. Yeah, yeah, but they all know it.
Do you agree? Eyal? I see you smiling over there.
[00:23:43] Speaker C: Yeah.
Making changes to an operating system or rebuilding from scratch without the compatibility is always an issue, because even if you are a corporate and you have the latest operating system, if you're a bank, maybe a hospital, you still have legacy systems built on top of outdated operating systems. So it's like an issue. I don't know, really, how do you manage to resolve it?
And even if they try to say, okay, tomorrow morning we're going to release a new operating system built from scratch, completely tiny, less packages, less everything. It still would take, I'm guessing, like at least ten years. And this is just my assumption to replace it all over the world. If you can persuade people all over the world to actually replace the operating system.
[00:24:36] Speaker B: Yeah, yeah, I agree.
Last item for CrowdStrike, and this was related to your spoiler. Okay, so CrowdStrike now warns of new phishing scam. Targeting who? German customers. Poor Germans. Why Germans? I don't know why specifically the Germans, but they found out there is a massive attack over there. A spear phishing campaign, exploiting the Falcon sensor update issue and they targeting German customers and they're using exactly what Eyal was mentioning. And in the end of the end of the attack, they either collecting passwords, either do kind of anti forensic techniques and they are leveraging it specifically in Germany. And this is thank you to desecration. Yeah, and I'm more European, European news, but we need to look at the entire world out there.
Okay. I tried to do a chore to CrowdStrike, I think I can speak about it at least 25 minutes more, but let's over here and jump into our ransomware again.
I had a debate a few years ago, I'm not going to say with who, I'm not going to disclose, but he told me it was like a high rank CISO, he said Raz, and it was 2022, the ransomware is dead.
I don't think so.
I didn't do even any debate, you know, it's like.
So the ransomware gang now exploiting and thank you Eyal for referring that in the, in the last week, ESXi authentication bypass flaw. ESXi, if not everybody is aware, VMware, by the way, been acquired by Broadcom. So now it's a bigger company.
They have the entire virtualization for servers, for the mastering the servers. So ESXi, it's like the master brain of the virtual servers and that manage hundreds, hundreds of servers. And the vulnerability that actually Microsoft found, Microsoft researchers, the vulnerability give a permission based on an ESX Admins group by default. So the moment you adding the ESX Admin group to the domain including the user, you can have a full permission. Imagine sometimes on ESXi you have maybe 20 3000 different servers full access as an admin, which is insane.
Another way to do it is just rename the existing domain group to ESXS, ESX Admins. So just rename the group, you're getting the access. Love it. No, doesn't even need to exploit anything.
And what do you think happened? It's already exploited in the wild. By the way, just a small comment. There are lots of CVEs over there. CVEs poor, CVEs every single day Patch Tuesday, hundreds of them.
For me, based on my experience, one of the most important things is check if this vulnerability can be exploitable. Either exploit in the wild or either you have a lab and say, hey, the barrier to execution is very low. Meaning I need to put the effort in order to fix this vulnerability.
I don't know if you remember Meltdown and Spectre two years ago.
Everybody was speaking about this vulnerability. But in the end of the day it was almost impossible to reproduce this vulnerability.
In this case it wasn't super easy because I don't know if you know, because in the ransomware groups that are the operators, they are the developers of the ransomware and they like to cooperate. They selling to each other and they have a commission based program. So the ransomware operators and all of them have amazing names like Storm-0506, Storm-1175. Yeah, sounds like.
By the way, they don't give the name to their self.
Microsoft gave it to them with a CrowdStrike giving the names. Yeah.
Octo Tempest and Manatee Tempest. Sounds like cartoons. Yeah. They are the operators. They know to operate the ransomware which is the file, the application.
And over there there are two different types of variants of ransomware. And this is the development companies. These are the vendors. So the vendors are Akira.
This is number one. And the second vendor is tada. Da da da da. Black. Black pasta. Not black pasta, Black Basta. Why?
I don't know, but great brand. Everybody remember Black Basta.
And they already exploited in the wild. It's going like nuts. There is already a fix. If you are head of IT, if you're running a bank, if you have ESXi, yesterday was your last call before the Black Basta will hit you.
Another huge impact for a US health authority. I've been impact and notify the company HealthEquity. They have a data breach. Lots of PII.
They inform 4.3 million people. It's almost the half of Israel, which is almost the entire of Singapore. Yes, Singapore is 5.9 million people. Imagine entire Singapore. We notified that their PII have been, you know, breached, which is insane. Yeah. What they're gonna do with that? They're gonna sell it. They're gonna sell it in the, in the black market.
And this is, thank you, BleepingComputer. Next thing, I don't know if you're familiar with Proofpoint.
Yes, Ariel, did you hear about Proofpoint?
[00:31:41] Speaker A: No, I am the weak one here in the Iran security give the best. You know.
[00:31:48] Speaker C: They are one of the cybersecurity vendors.
[00:31:51] Speaker A: Ah, okay, okay, okay.
[00:31:53] Speaker C: Email protection mechanism.
[00:31:55] Speaker A: Yeah, yeah, yeah, yeah, yeah. It took me a while.
[00:31:58] Speaker B: I love when you say email protection because imagine what, there was a phishing campaign relying on Proofpoint, meaning they use Proofpoint, a massive phishing campaign to exploit now-fixed weak permissions in Proofpoint's email protection services.
So they actually exploit the protector of emails which assists to do spoofing to the emails for all Fortune 100 companies like Disney, Nike, IBM, Coca Cola, they getting in an average 3 million fake emails now because this compromise for Proofpoint they use a very basic configuration change and to do kind of a relay on top of Proofpoint exploit. One of the things that I, I'm admit admitting I used Proofpoint in the past with one of the companies that I was the CISO over there, they have a very good product.
But what we need to ask ourselves, and it was maybe five years ago, does the threats change, how does it merge? Were the threat attackers threat groups are looking at what are the threat vectors?
And not just the CISOs, also the companies that create the security controls.
My guess, I don't have any insight. I don't think that Proofpoint improve their proof against attacking them.
[00:33:58] Speaker A: Interesting.
[00:34:00] Speaker B: Thank you, BleepingComputer. We almost done? Almost done. I said it's going to be long today. There are so many things and I picked I think maybe 10% from the thing that interested me.
One of the things that I like to discuss when I was in PayPal is that don't look only on emails which is good, or databases, look on massive software that have supply chain and I know that they all love supply chain software which are now become to be more SaaS which is Salesforce and it can be ServiceNow and also Atlassian. Yeah. All the suite they have a massive distribution and they control lots of different aspects in the organization. And when I see a patch now by CISA, the cybersecurity authority and say there are two patches for critical for ServiceNow with RCE which is remote code execution, you should patch it now. ServiceNow have multiple capabilities on most of the companies they do asset management just by that every attacker that sits on ServiceNow can map the assets. You have a map of the organization of all the assets?
[00:35:35] Speaker A: Yeah.
[00:35:36] Speaker B: This is number one. Just two examples.
[00:35:39] Speaker C: Raz, one question from my side, is it service one, servicenow a SaaS company, meaning you're consuming fully managed software. So if there are vulnerabilities the vendor is supposed to identify them and fix them as far as they can.
[00:35:59] Speaker B: The problem is that I cannot say how much the percentage, but there are lots of on prem because of this threat of asset management, lots of companies deciding to have the ServiceNow. IMDb. Yeah, ITCM, sorry, the CMDB, sorry. It's on premises or it can be on premises by not like a bare metal, it can be also IaaS. Okay so they're not using their SaaS, they're using the IaaS and they install it on their VPC. So they still need to patch their vulnerabilities. They are responsible for the software for this aspect because the exposure to your assets, and this is just one example of ServiceNow, they have different modules. Okay, so go patch now. ServiceNow.
Next one, believe it or not, we speak for maybe 35 minutes. And I didn't say AI, so AI, AI gonna say that twice. So criminals now, and for me, it's, it's not something that, you know, opened my mind or they're now selling GenAI creds in the underground markets. I really think you know why they sell the credentials for GenAI.
[00:37:35] Speaker A: No.
[00:37:37] Speaker B: Okay, so if I'm a company, let's say one of the biggest companies, yeah, one of the MNCs, the multinational companies, and I want to use the API for ChatGPT, and I want to use internally, and I have my own credentials and I want to build my own models. So if you are stealing my GenAI credentials, you actually getting access to my APIs, to my models.
And this is didn't happen only for ChatGPT, it was for Quillbot, Notion, Hugging Face.
Now around, they say about 400 GenAI creds gets sold every single day. Okay, one cred. What do you think the price is?
One credentials, $1,000. No, it's 400 a day. No, it's, it starts with 15. Okay, $15. Yeah, for one cred. You know, you can gain more because you're going to do ransomware afterwards, or you can sell it like, you know, $50. It's nothing.
[00:38:50] Speaker A: I'm not a person, you know, where also.
[00:38:56] Speaker B: And now what happened is the threat attack actors leverage the GenAI credentials to create phishing and malware campaigns and they gain much more money. And also they take it from chatbots. They steal sensitive corporate data.
And the recommendation is please use multifactor authentication or implement the web authentication, or put your passkey security in some places. The next gen solution for that, by the way, to use more access than keys. But this is for another episode. Okay, but think that your API tokens for your GenAI sources need to be protected as well.
And last one, and I choose it as the last one because it's kind of, it started look like a cloud issue.
And I'm referring to the Azure incident or the Azure not responding or downtime that happened a few days ago.
The Intune, the Entra, the Power BI, Microsoft 365 didn't respond for almost ten minutes.
So some says it was kind of out there, not related to cyber, but some people start to. We don't have like the official announcement but they start to speak some people that it was a DDoS attack on Microsoft and there was other things that we might kind of find in our next episode on August.
And I'm moving the news to you. Thank you.
[00:41:02] Speaker A: You. It's meaning you, Eyal, not me.
[00:41:05] Speaker C: Okay.
[00:41:06] Speaker B: It can be either of you.
[00:41:08] Speaker C: You know, I said, you whoever gonna jump first?
I'm going to jump first. So you mentioned AI or GenAI. So we cannot really open a news without some sexy announcements relating to GenAI technology.
So two updates in this domain. The first one Meta, formerly Facebook. They released Llama models version 3.1, Llama models. If you don't know them, they excel at language nuances, contextual understanding, and complex tasks like translation and dialogue generation.
If you ask me, some use cases for using Llama models that Llama models actually excels. It includes text summarization and accuracy, text classification, sentiment analysis and nuanced reasoning, language modeling, dialogue systems, code generation, and following instructions like talking to a chatbot. Really sophisticated.
The new announcement they released three different versions of their model of the Llama model.
They call it Llama three B, 70 B and 405 B, which B means billion parameters.
And those new models actually compete with other vendors like GPT-4, GPT-4o by OpenAI, and Claude Sonnet 3.5, which was released about a month ago.
Lastly, the biggest model, Llama version 3.1, the 405 billion parameters, is available today. We can consume it using Amazon Bedrock, using Azure AI and Google Vertex AI. By the way, it was surprising for me because I thought that most of the connection between Azure and other AI's are mostly the collaboration with OpenAI. But it's nice to know that you can actually consume based on those services, other models as well.
Another company that focus a lot on generating general models is Mistral. Mistral released the Mistral language two large two, sorry, Mistral language large two is an advanced LLM with what they call state of the art reasoning knowledge and coding capabilities. According to Mistral AI, the Mistral Large 2 boasts advanced reasoning and mathematical capabilities, making it a powerful asset for tackling complex logical and computational challenges.
The new model is sized 123 billion parameters and it is competitive to GPT-4o by OpenAI and Claude 3 Opus and the Meta Llama 405 B, which we just mentioned. Mistral Large 2 is available today on Amazon Bedrock, Azure AI and Google Vertex AI. So this kind of closed the AI related news.
[00:44:35] Speaker A: Yeah, but we are talking about cloud and not AI, right? I think that this is running communities.
[00:44:43] Speaker C: So the models are that big, that you're mostly consuming them on top of one of the large big cloud providers.
[00:44:50] Speaker A: Yeah, I'm just kidding because most of the noise today on the cloud computing communities that we are talking more about AI than really talking about cloud. So I just was mentioning something that is happening.
[00:45:05] Speaker C: I would put it even more than this. I would be even more drastic than this. I would say today the largest cloud providers are pushing for GenAI. It's either a marketing trend or maybe they need to push their competitors. But as somebody who consumes cloud services in a corporate way and talking to customers all around the globe, I would say for the cloud vendors, before you push new technology, which has its benefits, but for the time being I would say it's not mature enough. It's still being matured the way I would say put your efforts first in correcting or fixing or expanding your capabilities in the cloud, such as resiliency, such as making services secured by default. Not just allowing me to secure the services, but configure them secure by default. So I said resiliency, maybe sustainability. There are many, many and naturally lowering the cost for the end consumers. So I would say GenAI has its benefit as it suits use cases, but it's still a work in progress. I will put it as the priority one, at least in my perspective for cloud vendors.
So moving on to the first cloud vendor, according to alphabetically, AWS. So AWS announced the general availability of Amazon Q apps, which is part of the Amazon Q business capability.
If you don't know the Amazon Q business, it's a generative AI powered assistant that can answer questions, provide summaries, generate content and securely complete tasks based on data and information in each of the corporation internal systems Amazon Q apps. The new announcement is currently under GA allows users to generate an application from the conversation with Amazon Q business, meaning a chatbot that you are speaking with and you can learn from the information you gather through the conversation. Amazon Q Apps intelligently capture the context of the conversation to generate an app tailored to specific needs. For example, if Amazon Q business assist generate content for all company employees, the marketing team, and this is just an example, could then create their own Amazon Q app for task automation.
So this is the first announcement from AWS. The second one, AWS announced the general availability of Amazon EC two r eight g instances. So it's like a scary name.
The new instance types are based on the AWS graviton four processors. The Graviton four processor were announced last year in re invent as a new generation, it delivers up to 30% faster performance for web application, 40% faster for database and even 45% for large Java applications when you compare to the, to the previous generation, the graviton tree. By the way, the graviton is based on the arm architecture.
They consume less power and they are more powerful in terms of the cpu capabilities.
And if you're wondering, okay, so why should I care? What is the use case for this new, new generation of cpu's or new generation of instances on AWS? So they are ideal for memory intensive workloads such as databases in memory cache and real time big data analytics.
[00:49:04] Speaker B: So sorry, sorry.
[00:49:08] Speaker C: Okay, so moving on to Azure. Azure had huge announcement. The entire suite of the general availability of Microsoft Entra Suite. If you can recall, over the past year we had the Microsoft Entra ID which was the new branding of the Azure Active Directory. So the new suite is a complete security related suite. I'm guessing it has its own price plan.
The new suite includes four components, the Microsoft Entra Private Access, which is like consider a zero trust network solution that will be able to replace your legacy VPN.
Another capability is the Microsoft Entra Internet Access, which is like a replacement for the secure web gateways many organizations used to have. Sometimes it was on prem, sometimes it was like a SaaS solution. So now you have the Microsoft Entra Internet Access.
Another component is the Microsoft Entra ID Governance, which is a complete identity governance and administration solution that automates identity and access lifecycle. So now they're also focusing on not just creating new identities, but also managing the entire lifecycle for large corporations.
The next component is the Microsoft Entra ID Protection, which is an advanced identity solution that blocks identity compromise in real time using high assurance authentication methods, automated risk and threat assessments, so that if there is a potential hacker rolling around your network, I'm guessing this is one of the ways that your SOC team will be able to easily identify it out of your entire identity fleet.
And lastly, we have the Microsoft Entra Verified ID, which is a managed, verifiable credential service based on the open source standard that enables real time identity verification in a secure and privacy respected way. So these are all the news related to the Microsoft Entra Suite.
Another announcement, we again returning to cloud providers and AI. Microsoft announced a program called the AI Safety and Security Risk.
It's a new, we can call it a service, documentation, whatever you want to call it. It's basically it's a new service that helps detect harmful violence, sexual and self harm content in images and text, and assign severity scores which allows business to limit and prioritize what content moderators need to review. Among the capabilities under the hood, we can talk about the Azure API Management for OpenAI applications, which enforce authentication authorization mechanism, the Azure Purview, which protects sensitive data with encryption, and Microsoft Defender for Cloud for AI application, one of the Defender for Cloud which explores and remediate risk to GenAI applications with built in security recommendation. So these are the AI safety and security risk.
Moving on to Google Cloud, Google announced, from my perspective, two important things over the past month. The first one is called the compute engine flexible commit use discount if you're dealing with financial operation, these are one of the ways for customers to commit in advance to purchase compute resources and get discount over time. So the new capability provides discount price for allowable Google Cloud resources like.
[00:53:18] Speaker B: Google.
[00:53:18] Speaker C: Compute engine GKE, the Kubernetes and Google Cloud run in exchange for purchasing committed use contracts, also known as commitments.
What's specially new in this new announcement? It's specifically for Compute Engine. The flexible CUDs or compute use discount eliminates the need to restrict commitments to a single project, region or machine series, meaning customers can receive discounts for the virtual CPUs or memory usage in any project within their cloud billing account, across regions and belonging to any reliable machine type. So interesting new feature that allows more flexibility while getting discount while consuming Google Cloud compute services. Another announcement by Google is a new service called Google Sensitive Data Protection or Google SDP. It's a fully managed service aimed to discover, classify and protect valuable data assets. Google SDP discovery provides continuous data monitoring to identify where sensitive data resides in order to help manage security, privacy and compliance risk. It can also detect data such as personal identifiable information, PII, financial data, credential and credentials, which can help customer inform the security, privacy and compliance posture.
Previous SDP used to support only the Google BigQuery and Google BigLake, and also the Google Cloud SQL, the managed SQL service.
But the new announcement also added a new capability supporting the Google Cloud storage, the fully managed object storage service. So one of the challenges working with large cloud environments is organization always ask themselves, where do I keep my critical data, my sensitive data, my customers data? It's a challenging question since new technology does not really support using agents to deploy on virtual machines because we're talking about fully managed services database storage, many, many organizations keep a lot of data in object storage. So now Google also had this capability to discover information stored in object storage.
[00:56:03] Speaker A: Okay, and what's some general views not only related to the cloud vendors? Again, do you have something for us.
[00:56:09] Speaker C: Yeah. So HashiCorp, which was over the past year, was purchased by IBM. They released their annual state of the cloud strategy survey for 2024.
Some of the highlights of the report, pretty interesting. Just 8% of the respondent to this survey, they qualify themselves as highly mature.
And 86% of those highly mature organization are getting stronger, stronger security in the cloud.
66% of the responders increased cloud infrastructure spending in the last year. So we're talking not just about security, but also about financial operation and cost.
91% of the responses are wasting money in the cloud. So they're spending more money and they're still wasting a lot of money.
64% of the responders are experiencing a shortage in skilled staff.
It's a huge issue whether you're talking about your first workload, whether you have multiple production workloads, not to mention organization who actually goes a couple of steps further and try to embrace multi cloud strategy. So you need a lot of skilled staff.
Moving on. 79% of responders have or plan to use multi cloud deployments. So again, spoiler alert. 70% of the responses are using or planning to use AI to support cloud infrastructure. So we're not talking about AI for the business use case or customer use case. It's just for supporting the maintenance and deployment of their cloud infrastructure. And this is the end of the cloud monthly news, right?
[00:58:08] Speaker A: Oh, great news and big news we had this month. It was some kind of long episode for us. Raz, you wanted to talk about something when was going on with this news?
[00:58:22] Speaker B: No, I was just, you know, referring to the spoke about the infrastructure of arm and I was thinking about Nvidia and I was thinking about the prices, like do they do promotions to use it or non promotion, but for the RG eight. RG eight. What was the name? Sorry, it was a funny name.
[00:58:45] Speaker A: If it's a funny name.
[00:58:46] Speaker B: R eight g. R eight g. Yeah, I was close. I was close. Not rg eight rds.
[00:58:53] Speaker A: Rds, I'm guessing.
[00:58:55] Speaker C: Unless you're a solution architect. In Amazon, nobody really recalls all the instance types and the family.
You may be studying for the exams, so you may be asked about it, but at the back of your mind, most people don't really recall the instance family name to which actual use case you would use it. But that's fine. That's completely fine. This is why you have the vendor official documentation.
[00:59:21] Speaker A: Right.
[00:59:22] Speaker B: Okay.
[00:59:23] Speaker A: So really thank you, Raz, and for doing such a great episode with all the news. It was really interesting and I hope that our audience feel the same. So to all of you that are listening or watching us, please follow us on the social media that we are last time I did a mistake on Sunday social media. So I will focus on all our social medias of global tech tv and please feel free to contact us, write to us and please share the share what you think that we maybe missed and some things that you want us to talk about. So again, thank you all and until the next one, bye.