AWS snaps up Sqrrl to strengthen threat detection, analytics

A recent Amazon acquisition is likely to lead to another tool to help AWS customers monitor the security of their sensitive data.

Sqrrl, a start-up for security, confirmed this week that it had been taken over by Amazon and would be integrated with AWS. The Cambridge, Massachusetts-based company has its roots in the NSA and focuses on threat detection, hunting and incident response, based on the growing trend of security analysis.

Rumors about the matter are circulating since December when it was reported by Axios. AWS did not publicly confirm the agreement, but this report indicates that the agreement was about $ 40 million. According to Prendergast, co-founder and CEO of Evident.io, a cloud security and compliance company in Pleasanton, the deal works well for Amazon because of the relatively low price and Sqrrl's experience with large sets of data. , California

"Sqrrl is a leading candidate for the integration of GuardDuty, Amazon's internal response and telemetry security team to provide customers with a threat warning," he said. "It seems a natural and logical process to offer and provide better security services over time."

GuardDuty, which became available last November, is the AWS threat detection service that provides alerts based on the intelligent assessment of its own network. Sqrrl can help improve this service with more advanced answers once the threats are detected.

The agreement comes a year after AWS took over a new start-up, Harvest.ai, whose team and alleged technology was used to build Amazon Macie. Macie, which was made available in August 2017, uses machine learning to recognize and keep sensitive data in Simple Storage Service (S3) and warns about abnormal behavior.

AWS touted the shared responsibility model long ago to ensure the safety of the underlying infrastructure, but this model forces its customers to lock everything they build on the AWS cloud. Over time, the company has added important security features, such as key management and identity federation, to make greater use of corporate IT services, not just startups and industries.

Over the past two years, AWS has added many security tools to address security issues and track data: Amazon Cloud Directory, Amazon Inspector, AWS Single Sign-On, AWS Shield, AWS IoT Device Defender, and Amazon GuardDuty. AWS has also updated some of its default settings to prevent embarrassing exposure to sensitive data when customers leave their S3 buckets open to the public.

Despite these efforts, one of the biggest criticisms of AWS cloud security was the incoherent nature of the various tools. Sqrrl can help to meet this short waiting time, which is especially important because Microsoft has made a leap forward in this area in many ways, Prendergast said. For example, Microsoft has integrated detection and threat detection tools into Office 365, Windows Defender Advanced Threat Protection, and as components in Azure Security Center.

"Microsoft has introduced many security chips this year to ensure that customers get defense and depth and make decisions about multiple layers of infrastructure, while Amazon is able to view each layer individually and not bring everything together - a holistic application", he said.

When you get to the cloud [SIM data] come and go so quickly, so if you're a security team you've got to resolve that in a hybrid environment.

Amazon and Nvidia are hiring people to cozy up to health VCs

Amazon Web Services CEO Andy Jassy in an interview with Jon Fortt of CNBC at the 2017 AWS re: Invent conference in Las Vegas.

Networking with health venture capital firms is now a full-time job.

Amazon Web Services and Nvidia have job postings for people who can network with health investors from elite companies.

In the case of Nvidia, this means funds like Venrock, which is specifically mentioned. The AWS list does not verify by name the companies in its list of jobs, in favor of letting its future locate identify "VC's appropriate to target."

The idea behind these hires seems to be to build relationships with investors and their portfolio companies, so they make a quick decision to buy AI chips and Nvidia or AWS services over others. Cost conversion at a later stage of the business life cycle is labor intensive and expensive.

The idea is not new: high-tech companies have established networks with venture capitalists and start-up acceleration programs for years.

But the health care angle is interesting because traditional technology companies have not generally paid much attention to health.

"What's different today is that they recognize that health care accounts for about one-fifth of GDP and that they need a specific strategy to grow rapidly in this sector," said Venkat Mocherla. , responsible for business development at Qventus. up that uses artificial intelligence tools to speed up the operations of the hospital.

Amazon's aggressive poaching tactics in Israel have start-ups threatening to abandon AWS

Amazon's aggressive striker tactics in Israel shocked the country's start-up community and prompted some companies to abandon Amazon's cloud service as retaliation.

Shai Wininger, the co-founder of Lemonade, a start-up for insurance that raised $ 180 million, took his frustration on social media, wrote several posts on LinkedIn and Facebook about the poaching activity of Amazon.

"We have just learned that Amazon is actively targeting and testing Lemonade Inc. employees," Wininger writes on LinkedIn. "I wonder if their idea is to support the startup ecosystem - reconsider Amazon AWS."

Wininger later followed and said that the poaching by Amazon's customers, such as Lemonade, is a "breach of trust". He added that the "amount of obscene money" offered to steal his employees could damage the entire Israeli start-up market.

Wininger wrote in a separate Facebook post: "Game on! Werner Vogels FYI", marks Vogels, Amazon's chief technology officer.

Wininger's complaint is the latest proof of the growing tension between Amazon and emerging technology companies. Last year, Amazon thwarted a number of startups after releasing a product that looked and functioned almost as a device manufactured by Nucleus, one of the Alexa Fund portfolio companies. It can also paralyze Amazon's efforts to broaden its presence in Israel, a start-up powerhouse with some of the world's best technical talent.

Although Wininger's messages are gaining popularity, Birds has left a comment below, indicating that he does not support Amazon's poaching by his customers.

"Let me take a dip here," Vogels wrote in the Facebook section posting comments. "It can be a sourcing agency compared to Amazon, and I notice that sourcing from our customers is extremely counter-effective."

Talent War

Amir Konigsberg, CEO of the Tel-Aviv-based start-up company Twiggle, said the problem is not necessarily about the theft of start-ups by Amazon, but rather about the aggressive nature of syrups.

He pointed out that Amazon had "systematically" been in contact with groups of employees working on specific projects in start-ups, which threatened to lose one team at a time. Konigsberg, who previously led Google's expansion to Israel, said that Amazon is much more aggressive than other multinational companies such as Google or Facebook.

"The talent war is going well, but you have to remain respectful," said Konigsberg, adding that Amazon is damaging its relationship with the rest of Israel's technical community. "It is very important to keep a balance in the way you operate: Apple, Google and FB all have a lot of money, but you have never seen such complaints about them."

The biggest problem for Amazon is that it can hurt itself.

In the comment section under Wininger, a number of Israeli start-up CEOs said they are considering other cloud providers because of Amazon's actions. This would add to the flow of companies avoiding AWS, a group that includes a number of large-box retailers such as Walmart, Target and Kroger.

"We spend almost $ 2,000,000 a year on AWS, but Amazon recruiters are aggressively trying to trick our TLV developers," said Liad Agmon, CEO of Dynamic Yield, Tel Aviv. "This is a data point that I consider seriously as part of our internal debate, whether we stay with Amazon or go to Google Cloud."

Once reached to comment, Amazon said it did not recruit by focusing on employees of a specific company or a specific customer.

"We have many open positions around the world and hire talent based on work-related skills and expertise, not from the current employer," Amazon said in a statement.

"Although we have employees who leave Amazon for other companies and vice versa, we have not built the kind of customer base that we have by specifically targeting our employees to hire customers - we focus our attention on helping our customers to get big business. create. "AWS."

Given the enormous share of Amazon in the cloud space, it is difficult to imagine that this will have a material impact on AWS. But at least by opening the door for competitors to offer better offers, just like a commercial Google Cloud LinkedIn.

"Google Cloud would like to have you - send me a message", wrote the Google representative under Wininger.

AWS, Google, and Microsoft promise their clouds are mostly protected from processor flaw

Amazon Web Services, Microsoft, Google, and other cloud providers inform customers that they may experience downtime and performance degradation as a result of an urgent effort to correct critical errors found in many computer processors.

The errors, known as Specter and Meltdown, were revealed today after a report by The Register. They are caused by microprocessor design issues that could potentially allow malicious code to read the contents of a computer's kernel memory. These issues greatly affect the Intel chips that power the overwhelming majority of servers in the cloud running, but other processors, including some designed by AMD and Arm, appear to be affected.

These three major cloud providers have revealed to users that some of them were cryptographically informed about the downtime scheduled late last year as part of the first efforts to implement patches for counter the error. These efforts, initially silent and progressive, have accelerated after the official disclosure of the errors today.

AWS stated in a statement that the overwhelming majority of instances of virtual machines running in its fleet are protected, and the rest receive updates within hours of this notification. Google has already updated its G Suite productivity service and cloud platform to protect users. Microsoft said most of its Azure infrastructure has been updated to protect itself from vulnerabilities, but some customers will still have to spend some time to protect themselves.

However, the owners of the platforms that update the underlying infrastructure on which their clients' workloads are running are only half the battle: users will also need to update their operating systems . Microsoft is expected to release patches for Windows as part of its next patch cycle on Tuesday, as other operating systems remove patches.

Customers can see slowdowns with their workloads because the root cause of the problem is related to speculative execution, a technique used by processors to improve performance. The Microsoft blog said that most of its customers should not see a significant impact on the performance of updates implemented to mitigate errors, but some will see degraded network performance.