Archive for February 20, 2025

Newer Entries »

Starburst Closes Record FY25

Posted in Commentary with tags on February 20, 2025 by itnerd

Starburst, the data platform for apps and AI, announced a record FY25 close, driven by strong demand from enterprise customers:

  • Grew net new customers by 20% and Starburst Galaxy customer growth by 76% year-over-year  
  • Achieved record global sales, including significant growth in North America and EMEA
  • Increased adoption of Starburst Galaxy, its flagship cloud product, by 94% year-over-year
  • Signed the largest deal in the company’s history –  a multi-year, eight-figure contract per year, with a global financial institution 
  • Increased ARR per customer to over $325,000
  • Customers include 10 of the top 15 global banks 
  • Selected by Dell Technologies to be the analytics query engine powering the Dell Data Lakehouse, the data platform for Dell’s AI Factory GTM

Customers around the world are partnering with Starburst to accelerate their AI journey. 

Starburst is the data platform for analytics, applications, and AI, unifying data across clouds and on-premises to accelerate AI innovation. Organizations—from startups to Fortune 500 enterprises in 60+ countries around the globe — customers rely on Starburst for fast data access, seamless collaboration, and enterprise-grade governance on an open data lakehouse. Wherever data lives, Starburst unlocks its full potential, powering data and AI from development to deployment. By future-proofing data architecture, Starburst helps businesses fuel innovation with AI.

Learn more at starburst.ai.

Leave a comment »

Organizations with HITRUST Certification Achieve <1% Breach Rate

Posted in Commentary with tags on February 20, 2025 by itnerd

HITRUST today released its Second Annual 2025 HITRUST Trust Report, reaffirming HITRUST as the only information risk and cybersecurity certification that delivers quantifiable proof of risk reduction. The data is clear: organizations with HITRUST certifications experience dramatically fewer breaches than those without, demonstrating that HITRUST is the benchmark for cybersecurity trust and assurance.

Key Findings from the 2025 Trust Report:

  • HITRUST-Certified Organizations Remain Protected: Organizations with a HITRUST certification reported an incident rate of just 0.59% in 2024, meaning 99.41% remained breach-free. This rate—down from 0.64% in 2023—now covers all HITRUST certifications (e1, i1, and r2), not just the r2, proving that HITRUST’s entire portfolio delivers measurable risk reduction.
  • HITRUST Protects Against 100% of Known Cyber Threats: The HITRUST CSF is cyber threat-adaptive and leverages top intelligence sources to counter modern cyber threats. With direct mapping to MITRE ATT&CK, HITRUST is the only framework proven to mitigate 100% of addressable TTPs.
  • HITRUST Drives Continuous Security Maturity: Organizations that maintain HITRUST certification see up to 54% fewer corrective actions required year-over-year, proving that repeat certification leads to material, ongoing security improvements.
  • HITRUST Introduces Two AI Security Assurances: HITRUST now provides industry-leading AI Security Assessment and Certification, allowing organizations to seamlessly integrate AI risk management into their broader security programs.
  • HITRUST found system vulnerability exploits as the top breach type over three years. Password Management, Data Protection, and Access Control are the hardest domains to achieve security maturity. Inadequate Endpoint Protection is the leading cause of HITRUST certification failures.

HITRUST’s Cyber-Threat-Adaptive Delivers Continued Relevance

HITRUST’s superior risk mitigation is driven by its cyber threat-adaptive engine, ensuring that its control requirements are continuously evaluated against the latest threat landscape. Using proprietary, patent-pending technology and indicators of attack and compromise, HITRUST ensures that controls remain effective in mitigating current and emerging threats. Unlike static, one-size-fits-all standards and frameworks, HITRUST’s framework ensures that its controls have an intended and measurable risk mitigation effect.

Reliable Assurance Built for Trust

HITRUST certifications are built on a highly reliable assurance methodology, which includes:

  • Prescriptive control requirements are designed for validation, measurement, and scoring from the start.
  • Independent third-party validation to verify accurate and effective implementation.
  • Centralized QA review, reporting, and certification to ensure consistency and trustworthiness.
  • A robust gap and corrective action plan model, driving continuous improvement.
  • Annual recertifications that ensure organizations maintain their cybersecurity maturity.

Together, these relevant controls and reliable assurances create measurable, consistent, significant, and ever-improving security outcomes. This fact is further validated by the cyber insurance industry, which has recognized HITRUST’s accuracy and dependability in understanding and reducing risk. As recently announced, multiple insurers have now formed a shared risk facility to offer HITRUST-certified entities enhanced cyber insurance options, including better coverage, reduced rates, and a streamlined process for application and renewals.

Coming Soon: Public Cyber-Threat-Adaptive Reporting

In the coming months, HITRUST will begin publicly reporting cyber threat-adaptive analytics and findings. These reports will not only reinforce greater confidence in HITRUST’s control requirements but also guide organizations on which controls are under the most pressure and where they should prioritize security investments. This data-driven approach will enable organizations to proactively strengthen high-impact controls based on real-world attack trends and evolving threats.

How Organizations Are Using HITRUST

HITRUST is more than just a certification—it is a blueprint and benchmark to manage information security risk and compliance and to establish trust between organizations and parties:

  • Business, security, and risk leaders rely on HITRUST as a structured approach to internal security programs.
  • Third-party risk managers leverage HITRUST to ensure strong, practical, and scalable vendor risk management.
  • Sales and marketing leaders use HITRUST certification to demonstrate a trusted security posture, removing friction with prospects and customers.
  • Compliance leaders utilize HITRUST to streamline regulatory compliance and reporting across multiple requirements.

With the release of this year’s Trust Report, HITRUST continues to cement its position as the gold standard and industry leader in cybersecurity assurance.

Get the Full ReportFor a deeper dive into how HITRUST is leading the way, visit: HITRUST 2025 Trust Report

Leave a comment »

Ericsson and Telstra pioneer the first programmable network in Asia-Pacific

Posted in Commentary with tags on February 20, 2025 by itnerd

Customers of Australian communications service provider (CSP) Telstra are set to become the first in the Asia-Pacific region to benefit from a high-performing, programmable network with 5G Advanced capabilities, thanks to a major partnership with Ericsson. 

Under the four-year deal, Telstra will upgrade its radio access network (RAN) with Ericsson’s next-generation Open RAN-ready hardware solutions and 5G Advanced software. It will also implement AI and automation to optimize network management through self-detection and self-healing capabilities.  

The transformation will power Telstra with one of the most advanced, resilient and reliable 5G networks in the world. Telstra’s programmable network will provide a platform for innovative application development and the ability to tailor superior connectivity to the unique requirements of its customers, including new performance-based offerings. 

Further, it will open the network to tech innovators from wider ecosystems via network APIs (Application Programming Interfaces). 

The adoption and acceleration in uptake of network APIs, and how they can drive telecom industry monetization opportunities, is also the focus of the recently announced global venture, Aduna, of which Ericsson and Telstra are founding members. Telstra’s new 5G Advanced network capabilities will be central to the delivery of such API-based services. 

The high-performing capabilities of the 5G Standalone (5G SA) solutions involved are also key to enabling the next-generation use cases and developer innovation that will make Industry 4.0 a reality in Australia. 

OTHER TELSTRA BENEFITS

The new network will maximize Telstra’s spectrum investments and operational efficiency. It aims to double 5G capacity, deliver improved consistency of service, increase depth of coverage, increase uplink and downlink speeds, and reduce energy consumption.

In addition, it will enable the transformation of traditional one-size fits all mobile services towards differentiated connectivity, where consumers and enterprises can create their own service experience. 

MORE ON THE TECH

Solutions include Ericsson’s Open RAN-ready Massive MIMO radios and new RAN Compute solutions as well as Ericsson’s latest 5G Advanced subscriptions to deliver new services, drive operational efficiency, and increase performance. The scope also includes Ericsson Intelligent Automation Platform (EIAP), Ericsson’s open network management and automation platform for open, multi-vendor and multi-technology networks, supporting all 4G and 5G RAN. 

EIAP will improve network management and automation by leveraging EIAP and developer eco-system tools to create and deploy custom applications (rApps) that employ advanced automation techniques, including machine learning and AI, to optimize the network and deliver improved sustainable operations.

This latest partnership extension builds on Ericsson and Telstra’s long-standing collaboration across radio access networks, core, optical, transport and business support systems.

ADUNA

In addition to Ericsson and Telstra, the founding members of Aduna are América Móvil, AT&T, Bharti Airtel, Deutsche Telekom, Orange, Reliance Jio, Singtel, Telefonica, T-Mobile, Verizon, and Vodafone.

The venture was announced in September 2024, with the company name announced in January 2025.  It aims to combine and sell network APIs on a global scale to spur innovation in digital services.

Partners will open their networks to make advanced capabilities easily accessible to millions of developers world-wide, through a global platform for aggregated network APIs. This aim is to drive new use cases across multiple industries and sectors. 

Leave a comment »

CISA /FBI Warn of Ghost Ransomware Attacks in Over 70 Countries

Posted in Commentary with tags on February 20, 2025 by itnerd

The CISA, the FBI and the Multi-State Information Sharing and Analysis Center (MS-ISAC) released a joint cybersecurity advisory warning of widespread Ghost ransomware attacks targeting and compromising organizations in more than 70 countries with outdated versions of software and firmware on their internet facing services:

Beginning early 2021, Ghost actors began attacking victims whose internet facing services ran outdated versions of software and firmware. This indiscriminate targeting of networks containing vulnerabilities has led to the compromise of organizations across more than 70 countries, including organizations in China. Ghost actors, located in China, conduct these widespread attacks for financial gain. Affected victims include critical infrastructure, schools and universities, healthcare, government networks, religious institutions, technology and manufacturing companies, and numerous small- and medium-sized businesses.

Ghost actors rotate their ransomware executable payloads, switch file extensions for encrypted files, modify ransom note text, and use numerous ransom email addresses, which has led to variable attribution of this group over time. Names associated with this group include Ghost, Cring, Crypt3r, Phantom, Strike, Hello, Wickrme, HsHarada, and Rapture. Samples of ransomware files Ghost used during attacks are: Cring.exe, Ghost.exe, ElysiumO.exe, and Locker.exe.

Ghost actors use publicly available code to exploit Common Vulnerabilities and Exposures (CVEs) and gain access to internet facing servers. Ghost actors exploit well known vulnerabilities and target networks where available patches have not been applied.

The FBI, CISA, and MS-ISAC encourage organizations to implement the recommendations in the Mitigations section of this advisory to reduce the likelihood and impact of Ghost ransomware incidents.

Roger Grimes, data-driven defense evangelist at KnowBe4, commented:

“The joint release has a few new surprises. One is that the ransomware groups move from initial compromise to deployment of ransomware very quickly, often on the same day. This is quite different from traditional ransomware groups that may have days, weeks, or even months from the initial access gained to the deployment of the ransomware. Second, the frequent use of Cobalt Strike. I see the use of Cobalt Strike by ransomware groups fairly common. If you’re not looking for and detecting Cobalt Strike instances, you’re just asking for trouble. Last, unpatched software and firmware (and zero-days) are involved in at least a third of successful compromises. Every organization has a patching process, but most don’t get it perfect and if one-third of all successful compromises involved finding and exploiting vulnerable software and firmware, it really should be a primary focus for all organizations. You can’t just make it one of the many things you do out of hundreds of things you do. It has to be something you focus on and dedicate significant resources to (as you also need to do to mitigate social engineering). Because if you don’t, you’ll miss something and become the next ransomware victim.”

I would recommend that anyone that is responsible for securing their organizations from cyberattacks take a look at the mitigation section of this advisory as this is pretty serious.

Leave a comment »

Newer Entries »