Categories
AI

Black Hat 2022 reveals enterprise security trends

Were you unable to attend Transform 2022? Check out all of the summit sessions in our on-demand library now! Watch here.


The blast radius of cyberattacks on an enterprise is projected to keep growing, extending several layers deep into software supply chains, devops and tech stacks. Black Hat 2022’s presentations and announcements for enterprise security provide a sobering look at how enterprises’ tech stacks are at risk of more complex, devastating cyberattacks. Held last week in Las Vegas and in its 25th consecutive year, Black Hat‘s reputation for investigative analysis and reporting large-scale security flaws, gaps and breaches are unparalleled in cybersecurity.

The more complex the tech stack and reliant on implicit trust, the more likely it is to get hacked. That’s one of several messages Chris Krebs, the former and founding director of the U.S. Cybersecurity and Infrastructure Security Agency (CISA), delivered in a keynote to the audience at the Black Hat 2022 conference last week. Krebs mentioned that weaknesses often start from building overly complex tech stacks that create more attack surfaces for cybercriminals to then attempt to exploit.

Krebs also emphasized how critical software supply chain security is, explaining that enterprises and global governments aren’t doing enough to stop another attack at the scale of SolarWinds.

“Companies that are shipping software products are shipping targets,” he told the keynote audience.

Event

MetaBeat 2022

MetaBeat will bring together thought leaders to give guidance on how metaverse technology will transform the way all industries communicate and do business on October 4 in San Francisco, CA.

Register Here

Cybercriminals “understand the dependencies and the trust connections we have on our software services and technology providers, and they’re working up the ladder through the supply chain,” Krebs added.

Additionally, eliminating implicit trust is table stakes for reducing supply chain attacks, a point Krebs alluded to throughout his keynote. 

Enterprise security: Reducing the growing blast radius 

Infrastructure, devops, and enterprise software vulnerabilities discovered by researchers made the enterprise-specific sessions worth attending. In addition, improving identity access management (IAM) and privileged access management (PAM), stopping ransomware attacks, reducing Azure Active Directory (AD) and SAP HTTP server attacks, and making software supply chains more secure dominated the enterprise sessions. 

Continuous integration and continuous delivery (CI/CD) pipelines are software supply chains’ most dangerous attack surfaces. Despite many organizations’ best efforts to integrate cybersecurity as a core part of their devops processes, CI/CD software pipelines are still hackable.

Several presentations at the conference explored how cybercriminals can hack into software supply chains using remote code execution (RCE) and infected code repositories. One session in particular focused on how advanced hackers could use code-signing to be indistinguishable from a devops team member. 

Another illustrated how hackers quickly use source code management (SCM) systems to achieve lateral movement and privilege escalation across an enterprise, infecting repositories and gaining access to software supply chains at scale.

Tech stacks are also becoming a more accessible target as cybercriminals’ skills increase. One presentation on how Azure AD user accounts can be backdoored and hijacked by exploiting external identity links to bypass multifactor authentication (MFA) and conditional access policies showed just how an enterprise can lose control of a core part of their tech stack in only minutes. 

A separate session on SAP’s proprietary HTTP server explained how cybercriminals could leverage two memory corruption vulnerabilities found in SAP’s HTTP server using high-level protocol exploitation techniques. CVE-2022-22536 and CVE-2022-22532 are remotely exploitable and could be used by unauthenticated attackers to compromise any SAP installation globally.

Malware attacks continue to escalate across enterprises, capable of bypassing tech stacks that rely on implicit trust and disabling infrastructure and networks. Using machine learning (ML) to identify potential malware attacks and thwart them before they happen using advanced classification techniques is a fascinating area of research. Malware Classification with Machine Learning Enhanced by Windows Kernel Emulation presented by Dmitrijs Trizna, security software engineer at Microsoft, provided a hybrid ML architecture that simultaneously utilizes static and dynamic malware analysis methodologies. 

During an interview prior to his session, Trizna explained that  “AI [artificial intelligence] is not magic, it’s not the silver bullet that will solve all your (malware) problems or replace you. It’s a tool that you need to understand how it works and the power underneath. So don’t discard it completely; see it as a tool.”

Trizna makes ML code for the models he’s working on available on GitHub.  

Cybersecurity vendors double down on AI, API and supply chain security 

Over 300 cybersecurity vendors exhibited at Black Hat 2022, with most new product announcements concentrating on API security and how to secure software supply chains. In addition, CrowdStrike’s announcement of the first-ever AI-based indicators of attack (IOA) reflects how fast cybersecurity providers are maturing their platform strategies based on AI and ML advances. 

CrowdStrike’s announcement of AI-powered IOAs is an industry first

Their AI-based IOAs announced at Black Hat combine cloud-native ML and human expertise, a process invented by CrowdStrike more than a decade ago. As a result, IOAs have proven effective in identifying and stopping breaches based on actual adversary behavior, irrespective of the malware or exploit used in an attack.

AI-powered IOAs rely on cloud-native ML models trained using telemetry data from CrowdStrike Security Cloud, as well as expertise from the company’s threat-hunting teams. IOAs are analyzed at machine speed using AI and ML, providing the accuracy, speed and scale enterprises need to thwart breaches. 

“CrowdStrike leads the way in stopping the most sophisticated attacks with our industry-leading indicators of attack capability, which revolutionized how security teams prevent threats based on adversary behavior, not easily changed indicators,” said Amol Kulkarni, chief product and engineering officer at CrowdStrike. “Now, we are changing the game again with the addition of AI-powered indicators of attack, which enable organizations to harness the power of the CrowdStrike Security Cloud to examine adversary behavior at machine speed and scale to stop breaches in the most effective way possible.” 

AI-powered IOAs have identified over 20 never-before-seen adversary patterns, which experts have validated and enforced on the Falcon platform for automated detection and prevention. 

“Using CrowdStrike sets Cundall apart as one of the more advanced organizations in an industry that typically lags behind other sectors in I.T. and cybersecurity adoption,” said Lou Lwin, CIO at Cundall, a leading engineering consultancy. “Today, attacks are becoming more sophisticated, and if they are machine-based attacks, there is no way an operator can keep up. The threat landscape is ever-changing. So, you need machine-based defenses and a partner that understands security is not ‘one and done.’ It is evolving all the time.” 

CrowdStrike demonstrated AI-powered IOA use cases, including post-exploitation payload detections and PowerShell IOAs using AI to identify malicious behaviors and code.  

AI-generated IOA fortifies existing defenses using cloud-based ML and real-time threat intelligence to analyze events at runtime and dynamically issue IOAs to the sensor. The sensor then correlates the AI-generated IOAs (behavioral event data) with local events and file data to assess maliciousness. CrowdStrike says AI-powered IOAs operate asynchronously alongside existing layers of sensor defense, including sensor-based ML and IOAs. Image credit: CrowdStrike.

For many enterprises, API security is a strategic weakness 

Cybersecurity vendors see the opportunity to help enterprises solve this challenge, and several announced new solutions at Black Hat. Vendors introducing new API security solutions include Canonic Security, Checkmarx, Contrast Security, Cybersixgill, Traceable, and Veracode. Noteworthy among these new product announcements is Checkmarx’s API Security, which is a component of their well-known Checkmarx One platform. Checkmarx is known for its expertise in securing CI/CD process workflows

 API Security can identify zombie and unknown APIs, perform automatic API discovery and inventory and perform API-centric remediation. In addition, Traceable AI announced several improvements to their platform, including identifying and stopping malicious API bots, identifying and tracking API abuse, fraud and misuse, and anticipating potential API attacks throughout software supply chains.

Stopping supply chain attacks before they get started 

Of the more than 300 vendors at Black Hat, the majority with CI/CD, devops, or zero-trust solutions promoted potential solutions for stopping supply chain attacks. It was the most hyped vendor theme at Black Hat. Software supply chain risks have become so severe that the National Institute of Standards and Technology (NIST) is updating its standards, including NIST SP 1800-34, concentrating on systems and components integral to supply chain security. 

Cycode, a supply-chain security specialist, announced it has added application security testing (SAST) and container-scanning capabilities to its platform, as well as introducing software composition analysis (SCA). 

Veracode, known for its expertise in security testing solutions, introduced new enhancements to its Continuous Software Security Platform, including software bill of materials (SBOM) API, support for software composition analysis (SCA), and support for new frameworks including PHP Symfony, Rails 7.0, and Ruby 3.x. 

The Open Cybersecurity Schema Framework (OCSF) meets an enterprise security need  

CISOs’ most common complaint regarding endpoint detection and response (EDR), endpoint management, and security monitoring platforms is that there is no common standard for enabling alerts across platforms. Eighteen leading security vendors have collaborated to take on the challenge, creating the Open Cybersecurity Schema Framework (OCSF) project. The project includes an open specification that enables the normalization of security telemetry across a wide range of security products and services. Open-source tools are also available to support and accelerate OCSF schema adoption.

Leading security vendors AWS and Splunk are cofounders of the OCSF project, with support from CrowdStrike, Palo Alto Networks, IBM Security and others. The goal is to continually create new products and services that support the OCSF specifications, enabling standardization of alerts from cyber monitoring tools, network loggers, and other software, to simplify and speed up the interpretation of that data. 

“At CrowdStrike, our mission is to stop breaches and power productivity for organizations,” said Michael Sentonas, chief technology officer, CrowdStrike. “We believe strongly in the concept of a shared data schema, which enables organizations to understand and digest all data, streamline their security operations, and lower risk. As a member of the OCSF, CrowdStrike is committed to doing the hard work to deliver solutions that organizations need to stay ahead of adversaries.”

VentureBeat’s mission is to be a digital town square for technical decision-makers to gain knowledge about transformative enterprise technology and transact. Learn more about membership.

Repost: Original Source and Author Link

Categories
Game

Microsoft buys Two Hat to improve Xbox community moderation

On Friday, Microsoft , a company best known for its AI content moderation tools. Financial details have not been disclosed, but Microsoft did share its vision for how they’ll work together moving forward. Over the years, the two companies have frequently collaborated to make Xbox Live and other gaming communities safer, and by the sounds of it, that will be the focus of Two Hat moving forward.

“We have partnered with Xbox and the Microsoft team for several years and share the passion and drive to make meaningful change in the advancement of online civility and citizenship,” said Two Hat founder Chris Priebe and CEO Steve Parkis in a . “We are committed to ensuring safety, inclusion and online health and wellness are always at the forefront of our work and through joining Microsoft, we can provide the greatest concentration of talent, resources and insight necessary to further this vision.”

Before today’s announcement, Microsoft was only one of Two Hat’s customers, and that won’t change following the acquisition. “This is a deep investment in assisting and serving Two Hat’s existing customers, prospective new customers and multiple product and service experiences here at Microsoft,” the company said. “With this acquisition, we will help global online communities to be safer and inclusive for everyone to participate, positively contribute and thrive.”

Since 2019, Microsoft has placed an emphasis on . “Gaming is for everyone,” Xbox chief Phil Spencer said at the time. This acquisition should tie in nicely with that goal.

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.

Repost: Original Source and Author Link

Categories
AI

Microsoft acquires AI-powered moderation platform Two Hat

Microsoft today announced that it acquired Two Hat, an AI-powered content moderation platform, for an undisclosed amount. According to Xbox product services CVP Dave McCarthy, the purchase will combine the technology, research capabilities, teams, and cloud infrastructure of both companies to serve Two Hat’s existing and new customers and “multiple product and service experiences: at Microsoft.

“Working with the diverse and experienced team at Two Hat over the years, it has become clear that we are fully aligned with the core values inspired by the vision of founder, Chris c, to deliver a holistic approach for positive and thriving online communities,” McCarthy said in a blog post. “For the past few years, Microsoft and Two Hat have worked together to implement proactive moderation technology into gaming and non-gaming experiences to detect and remove harmful content before it ever reaches members of our communities.”

Moderation

According to the Pew Research Center, 4 in 10 Americans have personally experienced some form of online harassment. Moreover, 37% of U.S.-based internet users say they’ve been the target of severe attacks — including sexual harassment and stalking — based on their sexual orientation, religion, race, ethnicity, gender identity, or disability. Children, in particular, are the subject of online abuse, with one survey finding a 70% increase in cyberbullying on social media and gaming platforms during the pandemic.

Priebe founded Two Hat in 2012 when he left his position as a senior app security specialist at Disney Interactive, Disney’s game development division. A former lead developer on the safety and security team for Club Penguin, Priebe was driven by a desire to tackle the issues of cyberbullying and harassment on the social web.

Today, Two Hat claims its content moderation platform — which combines AI, linguistics, and “industry-leading management best practices” — classifies, filters, and escalates more than a trillion human interactions including messages, usernames, images, and videos a month. The company also works with Canadian law enforcement to train AI to detect new child exploitative material, such as content likely to be pornographic.

“With an emphasis on surfacing online harms including cyberbullying, abuse, hate speech, violent threats, and child exploitation, we enable clients across a variety of social networks across the globe to foster safe and healthy user experiences for all ages,” Two Hat writes on its website.

Microsoft partnership

Several years ago, Two Hat partnered with Microsoft’s Xbox team to apply its moderation technology to communities in Xbox, Minecraft, and MSN. Two Hat’s platform allows users to decide the content they’re comfortable seeing — and what they aren’t — which Priebe believes is a key differentiator compared with AI-powered moderation solutions like Sentropy and Jigsaw Labs’ Perspective API.

“We created one of the most adaptive, responsive, comprehensive community management solutions available and found exciting ways to combine the best technology with unique insights,” Priebe said in a press release. “As a result, we’re now entrusted with aiding online interactions for many of the world’s largest communities.”

It’s worth noting that semi-automated moderation remains an unsolved challenge. Last year, researchers showed that Perceive, a tool developed by Google and its subsidiary Jigsaw, often classified online comments written in the African American vernacular as toxic. A separate study revealed that bad grammar and awkward spelling — like “Ihateyou love,” instead of “I hate you,” — make toxic content far more difficult for AI and machine detectors to spot.

As evidenced by competitions like the Fake News Challenge and Facebook’s Hateful Memes Challenge, machine learning algorithms also still struggle to gain a holistic understanding of words in context. Revealingly, Facebook admitted that it hasn’t been able to train a model to find new instances of a specific category of disinformation: misleading news about COVID-19. And Instagram’s automated moderation system once disabled Black members 50% more often than white users.

But McCarthy expressed confidence in the power of Two Hat’s product, which includes a user reputation system, supports 20 languages, and can automatically suspend, ban, and mute potentially abusive members of communities.

“We understand the complex challenges organizations face today when striving to effectively moderate online communities. In our ever-changing digital world, there is an urgent need for moderation solutions that can manage online content in an effective and scalable way,” he said. “We’ve witnessed the impact they’ve had within Xbox, and we are thrilled that this acquisition will further accelerate our first-party content moderation solutions across gaming, within a broad range of Microsoft consumer services, and to build greater opportunity for our third-party partners and Two Hat’s existing clients’ use of these solutions.”

VentureBeat

VentureBeat’s mission is to be a digital town square for technical decision-makers to gain knowledge about transformative technology and transact.

Our site delivers essential information on data technologies and strategies to guide you as you lead your organizations. We invite you to become a member of our community, to access:

  • up-to-date information on the subjects of interest to you
  • our newsletters
  • gated thought-leader content and discounted access to our prized events, such as Transform 2021: Learn More
  • networking features, and more

Become a member

Repost: Original Source and Author Link

Categories
Security

Infosec Community Debates Changing ‘Black Hat’ Terminology

A Google security researcher has chosen to withdraw from speaking at the Black Hat security conference this year and has asked the information security community to stop using the terms “black hat” and “white hat”, as reported by ZDNet. David Kleidermacher, VP of Engineering at Google, said that the terms contribute to racial stereotyping.

“I’ve decided to withdraw from speaking at Black Hat USA 2020,” Kleidermacher wrote on Twitter. “Black hat and white hat are terms that need to change. This has nothing to do with their original meaning… These changes remove harmful associations, promote inclusion, and help us break down walls of unconscious bias.”

I’ve decided to withdraw from speaking at Black Hat USA 2020. I’m deeply grateful for the offer to speak, and for the great work the conference has done over the years to protect users through transparency, education, and community building.

— David Kleidermacher (@DaveKSecure) July 3, 2020

Kleidermacher also referred to the need to update gendered terms like “man-in-the-middle,” a type of cyber attack, to a gender-neutral term like “person-in-the-middle.”

Many in the infosec community pointed out that the terms “black hat” and “white hat” did not originate from references to race, but rather to the tradition in Western movies in which the hero typically wears a white hat and the bad guy wears a black hat. But Kleidermacher anticipated this objection, writing that, “the need for language change has nothing to do with the origins of the term black hat in infosec. Those who focus on that are missing the point. Black hat/white hat and blacklist/whitelist perpetuate harmful associations of black=bad, white=good.”

Although this latest debate was clearly inspired by recent Black Lives Matter campaigning and a broader conversation around racial justice in the U.S. and beyond, this discussion is not new. A similar discussion has been going on for decades over software terms like “master” and “slave,” which are frequently used to describe dependencies in documentation. Programming language Python, for example, removed this terminology from its documentation in 2018.

However, unlike the master/slave example which was broadly agreed over time to be offensive, the black hat/white hat issue has been more contentious. Hackers concerned with racial justice worried on Twitter that there was a “huge danger that we waste the moment shuffling words around instead of changing power systems” and argued for “more than a name change” such as inviting more Black hackers to speak at events, funding scholarships for Black hackers, and paying to train more Black hackers.

It may be fine for white folks to cloak themselves in the imagery of black: black hats are enigma, sinister, counterculture, cool. But Black folks don’t need your help being associated with criminality. It’s not cool. For us. We don’t own that image. 10/x

— Brian Anderson (@btanderson72) July 4, 2020

Information security analyst Brian Anderson wrote a thread discussing the harm done by careless terminology. He concluded that changing naming conventions without addressing the larger issues affecting minority hackers, such as cost and the predominantly white lineup of speakers at events, was performative. “I’m glad people are actively or thinking of giving up their coveted roles in Black Hat,” he wrote. “That’s great. But. But. Who is being served by this action? What’s the objective? Who benefits? How? That’s the conversation we have to have.”

Editors’ Choice




Repost: Original Source and Author Link

Categories
AI

KPMG decides on Red Hat OpenShift to construct AI platform

Where does your enterprise stand on the AI adoption curve? Take our AI survey to find out.


Red Hat and KPMG LLP today revealed they are working together to make the Red Hat OpenShift platform, which is based on Kubernetes, a foundational core of the KPMG Ignite AI platform.

The KPMG Ignite platform combines machine learning algorithms with document ingestion and optical character recognition capabilities to analyze both structured and unstructured data. Kubernetes has emerged as a preferred foundation for building AI platforms because it makes it simpler to dynamically orchestrate the consumption of IT infrastructure on behalf of containerized applications.

Developers employ containers to build AI models out of modular components that are easier to create and update. In most cases, the volume of data a monolithic approach to constructing an AI model requires simply isn’t practical.

The Red Hat OpenShift agreement extends an existing alliance between Red Hat, now a subsidiary of IBM, and KPMG, a system integrator that often competes with IBM. The ongoing alliance between Red Hat and KPMG suggests that, despite potential conflicts of interests with its parent company, systems integrators such as KPMG are not walking away from their existing relationship with Red Hat.

It’s not clear, meanwhile, to what degree organizations are now relying on external service providers to build and deploy applications infused with AI. However, just about every global IT service provider has launched an AI practice to help organizations overcome a chronic shortage of data science expertise at a time when many of them are engaged in an AI arms race.

A recent survey published by KPMG notes the COVID-19 pandemic drove increased adoption of AI in the past year as organizations accelerated a wide range of digital business transformation initiatives. Some of those organizations worry that even though they need to at least keep pace with rivals, they may be deploying AI too far ahead of AI regulations that are still being debated, the same survey finds.

Most applications that are being infused with AI models are being built in the cloud because of the massive amounts of data involved. IT organizations that are building these applications, however, don’t want to get locked into a single cloud platform. It’s become apparent that some cloud platforms are simply more optimized than others for running certain classes of workloads, noted Stu Miniman, director of market insights for cloud platforms at Red Hat. The Red Hat OpenShift platform makes it possible for organizations to build and deploy applications as they best see fit on any public cloud or on-premises IT environment, Miniman said.

Red Hat and IBM may have been late to the cloud, but as hybrid cloud computing environments continue to evolve, the combined companies are now enjoying a “second mover advantage” at a time when the bulk of enterprise IT applications are still running in on-premises IT environments, said Miniman.

Cloud service providers are especially focused on AI workloads because of the sheer volume of infrastructure resources required to build and sustain them. IT organizations that can at least demonstrate an ability to move workloads will be able to command better cloud pricing terms.

It is, of course, still early days for AI in the enterprise. Many organizations struggle to bring together a diverse range of cultures in organizations that include data scientists alongside developers and IT operations staff. Each of those communities within an IT organization is likely to have their platform preference. In the case of organizations that decide to employ the expertise of KMPG, however, that platform decision has already been made.

VentureBeat

VentureBeat’s mission is to be a digital town square for technical decision-makers to gain knowledge about transformative technology and transact.

Our site delivers essential information on data technologies and strategies to guide you as you lead your organizations. We invite you to become a member of our community, to access:

  • up-to-date information on the subjects of interest to you
  • our newsletters
  • gated thought-leader content and discounted access to our prized events, such as Transform 2021: Learn More
  • networking features, and more

Become a member

Repost: Original Source and Author Link

Categories
AI

Red Hat open-sources TrustyAI, an auditing tool for AI decision systems

Join Transform 2021 this July 12-16. Register for the AI event of the year.


The ability to automate decisions is becoming essential for enterprises that deal in industries where mission-critical processes involve many variables. For example, in the financial sector, assessing the risk of even a single transaction can become infinitely complex. But while the utility of AI-powered, automated decision-making systems is undeniable, utility often plays second fiddle to transparency. Automated decision-making systems can be hard to interpret in practice, particularly when they integrate with other AI systems.

In search of a solution, researchers at Red Hat developed the TrustyAI Explainability Toolkit, a library leveraging techniques for explaining automated decision-making systems. Part of Kogito, Red Hat’s cloud-native business automation framework, TrustyAI enriches AI model execution information through algorithms while extracting, collecting, and publishing metadata for auditing and compliance.

TrustyAI arrived in Kogito last summer but was released as a standalone open source package this week.

Transparency with TrustyAI

As the development team behind TrustyAI explains in a whitepaper, the toolkit can introspect black-box AI decision-making models to describe predictions and outcomes by looking at a “feature importance” chart. The chart orders a model’s inputs by the most important ones for the decision-making process, which can help determine whether a model is biased, the team says.

TrustyAI offers a dashboard, called Audit UI, that targets business users or auditors, where each automated decision-making workload is recorded and can be analyzed at a later date. For individual workloads, the toolkit makes it possible to access the inputs, the outcomes the model produced, and a detailed explanation of every one of them. Monitoring dashboards are generated based on model information so users can keep track of business aspects and have an aggregated view of decision behaviors.

TrustyAI’s runtime monitoring also allows for business and operational metrics to be displayed in a Grafana dashboard. Moreover, the toolkit can monitor operational aspects to keep track of the health of the automated decision-making system.

TrustyAI

Above: The TrustyAI monitoring dashboard.

Image Credit: TrustyAI

“Within TrustyAI, [we combine] machine learning models and decision logic to enrich automated decisions by including predictive analytics. By monitoring the outcome of decision making, we can audit systems to ensure they … meet regulations,” Rebecca Whitworth, part of the TrustyAI initiative at Red Hat, wrote in a blog post. “We can also trace these results through the system to help with a global overview of the decisions and predictions made. TrustyAI [relies] on the combination of these two standards to ensure trusted automated decision making.”

Transparency is an aspect of so-called responsible AI, which also benefits enterprises. A study by Capgemini found that customers and employees will reward organizations that practice ethical AI with greater loyalty, more business, and even a willingness to advocate for them — and punish those that don’t. The study suggests companies that don’t approach the issue thoughtfully can incur both reputational risk and a direct hit to their bottom line.

VentureBeat

VentureBeat’s mission is to be a digital town square for technical decision-makers to gain knowledge about transformative technology and transact.

Our site delivers essential information on data technologies and strategies to guide you as you lead your organizations. We invite you to become a member of our community, to access:

  • up-to-date information on the subjects of interest to you
  • our newsletters
  • gated thought-leader content and discounted access to our prized events, such as Transform 2021: Learn More
  • networking features, and more

Become a member

Repost: Original Source and Author Link

Categories
AI

Robin.io brings pay-as-you-go pricing to Red Hat private clouds

Join GamesBeat Summit 2021 this April 28-29. Register for a free or VIP pass today.


Robin.io, a leader in Kubernetes storage and data management, is bringing pay-as-you-go pricing to the Red Hat Marketplace for Robin Cloud Native Storage (CNS).

Dynamic pricing models are among the most alluring features of public cloud services but not commonly seen in private clouds. But that is changing as more vendors take advantage of new metering capabilities available in private cloud services like Red Hat OpenShift. Kubernetes storage solutions have traditionally been priced using an annual licensing model, especially for on-premises deployments.

The flexibility of paying for hourly consumption promises greater flexibility for businesses deploying ephemeral workloads, such as extract, transform, and load (ETL) processing; AI/ML workloads, such as data preprocessing, feature extraction, and model training; and ad-hoc data analysis on Red Hat OpenShift.

“This helps customers with flexible licensing terms that can reduce costs and encourage more experimentation,” Robin.io director of product Ankur Desai told VentureBeat in an email. His team had to develop a metering integration with Red Hat to make this work securely and privately to mitigate concerns about external monitoring.

Dynamic pricing on private clouds

The Red Hat Marketplace makes it easier for enterprises to provision cloud services for hybrid workloads that may span multiple private and public clouds. Robin CNS takes advantage of the “metering definition” as provided by the Red Hat Marketplace operator. There is no information sharing or network connection required with Robin because the Red Hat Marketplace operator collects consumption metrics for Robin CNS and passes the aggregated consumption metrics to the billing service.

Robin.io installs natively on any Kubernetes distribution within minutes and creates a block and file storage solution by pooling available storage resources such as HDDs, SSDs, and cloud disks. It also automates complex storage management and data management operations on Kubernetes and provides a simple API to developers. It is also application-aware, in that it understands the scope of a stateful application on Kubernetes and wraps all relevant components — including data, metadata, and config data — into a single entity. All data management operations, such as snapshots, backups, and migration, are performed on the entire application, not just the data. This is important because many microservice applications are designed to be stateless in order to improve scalability and performance.

Dynamic pricing could play an important role in the growth of storage capabilities deployed alongside more dynamic applications common with microservice and container architectures.

VentureBeat

VentureBeat’s mission is to be a digital town square for technical decision-makers to gain knowledge about transformative technology and transact.

Our site delivers essential information on data technologies and strategies to guide you as you lead your organizations. We invite you to become a member of our community, to access:

  • up-to-date information on the subjects of interest to you
  • our newsletters
  • gated thought-leader content and discounted access to our prized events, such as Transform 2021: Learn More
  • networking features, and more

Become a member

Repost: Original Source and Author Link

Categories
Game

Among Us adds ‘chocolate’ hat, but we all know what it really is

Among Us is getting an entirely new map, of course, but that’s not the big news at the moment. In less than a week, the game will also add a new hat for players to wear, and, well, it stinks. The team is adding a totally innocent, not-at-all-poop hat that is definitely just chocolate ice cream, even though it has a suspiciously similar design to a certain popular emoji.

Innersloth teased the new hat with a screenshot on Twitter, and it clearly had fun with the new design, saying that it ‘definitely does not look like anything’ but a swirl of chocolate ice cream. Innocent smiley face included.

The new poop/chocolate hat should pair well with the angry eyebrows that’ll arrive with the big March 31 update, which is also bringing the previously announced Airship map and account system. The map will include new tasks and some other changes to keep things fresh.

The update will be free to download and, hopefully, will cut down on the number of bad actors who have taken advantage of the anonymous account-free gameplay. Players will get to pick which of the new rooms they start the game in, which should improve the mystery of who is the imposter.

It seems the update will also bring some other new hats, but we won’t know what to expect until the update arrives. The core gameplay, which involves completing tasks while trying to avoid death at the hands of one or more imposters, will remain the same.



Repost: Original Source and Author Link