When recent school funding initiatives made it possible for the municipality to invest in education upgrades, Chuck Marzec, the district’s director of technology, turned to Larry Meister, president of IT solutions provider Mercury Networks. Meister, who has worked with the district for over a decade, collaborated with Marzec to determine which products and solutions would maximize learning benefits for the most students. Considering the timing, pricing, and available funding, they concluded that the LG CreateBoards could transform the experiences of every student and deliver forward-thinking classrooms that prepare students for a tech-filled world and job market.

The district last updated its projection-based classroom systems in 2012, before the explosion of new touch-sensitive smart boards that are sweeping across the education landscape. Attractive pricing helped convince the district that smart boards would be the most impactful, sustainable and widely deployable solution, offering greater capabilities than existing systems while standardizing every classroom to simplify daily management and long-term maintenance.

“LG’s easy-to-use CreateBoard interactive digital boards come at an incredible value, making them the best fit for Jamestown Public Schools. The district initially considered outfitting about half of its classrooms with a competitor product at double the price. With the CreateBoard, they’re essentially doubling their investment, creating streamlined experiences for staff and students in every room and school,” Meister explained. “The district’s previous projection systems were single-room solutions lacking significant communication options and new advances in interactivity or cloud-based learning tools. Now, with the LG CreateBoards, they have a unified 500+ display network that can be monitored, managed, and used to distribute content from a single location for morning announcements or emergencies. Additionally, the ability to set automatic on/off schedules ensures no energy is wasted, eliminating one task for today’s busy teachers.”

The district is excited about what the technology can unleash in terms of classroom participation and faculty lesson plans, including simple access to popular web-based tools such as Google Classroom. The 40-point multi-touch digital displays allow a variety of interactive lesson plans and activities that can invite multiple students to use the board at once, in addition to convenient streaming and mobile device connections for educators and students alike. For instance, teachers can quickly log in to their accounts for Google and other services by scanning an on-screen QR code with their smartphone, and then leave the room knowing that the display automatically logs out of all accounts when the wireless connection is severed.

“It’s hard to overstate the value of standardized solutions for our students, faculty and district as a whole,” Marzec says. “Running a school or district involves a lot of moving parts, and when we have teachers who may use multiple classrooms or even multiple buildings throughout a day or a week, giving them the same tools everywhere ensures there’s no time lost sorting out technical issues or troubleshooting compatibility with their prepared lessons. The same is true for today’s students who have never known a world without touchscreens. With a streamlined experience year after year, they can become fairly advanced users of the LG CreateBoard technology throughout their education, helping develop explicit technical skills alongside the school’s curriculum.”

With LG CreateBoards, teachers can easily augment lessons with presentations or videos, screen share lessons or content from their own devices and enable students to screen share projects from their devices. With the new centralized control capabilities, Jamestown Public Schools can also easily deliver video morning announcements to every room without any action required from teachers. Lessons can be saved and stored online for later viewing and study, including live annotations over text or video that enable teachers to provide context, information or discussion to delve further than standard textbook descriptions or pre-prepared content.

LG CreateBoards Enhance Teaching

According to Jason Hubbard, senior account manager for education at LG Business Solutions, implementing CreateBoards can also fundamentally change how teachers approach the classroom by freeing them to leave their desk when using digital resources.

“The two-way connection between laptops and the LG CreateBoard means that they can control and manipulate their computer or content from the CreateBoard, unlike a projection system or other non-smart solution where they have to be at the desk to exert control,” says Hubbard. “This offers educators greater freedom of movement and caters to a variety of teaching styles, which can aid engagement and attentiveness, directly affecting student and school outcomes.”

When consulting Mercury Networks, the district considered different manufacturers and options, landing on the LG CreateBoard solution based on capabilities, manufacturer support and cost. The upgrade project began with 10 initial installations at the high school, then an expansion to five schools, and then the final decision to outfit every classroom all at once ahead of the 2024-2025 school year. Each room’s audio solution is also being upgraded to provide better sound quality and ensure long-term consistency for all users.

“We are excited to see our teachers and students leverage these technologies for greater collaboration and enhanced discussions in a way that encourages participation and connects with students’ daily experiences and digital lifestyles,” Marzec adds. “Additionally, buying into LG’s ecosystem has offered us new opportunities to consider deploying connected digital signage displays in hallways, cafeterias, entrances and other public spaces to provide school messaging or community content such as student achievement reels or replays of events including sports, performances, guest speeches and extracurricular activities.”

Marzec also noted how LG’s attention to detail and willingness to provide assistance went above and beyond his expectations. In the past, technology providers had been much more hands-off, while LG acted more like a partner in terms of working to answer questions, resolve issues and ensure the district was fully satisfied with the outcome. The last installations concluded in early July 2024, with every classroom at every school ready to launch for the fall semester.

Another version of this article originally appeared on our sister-site Commercial Integrator on October 21, 2024. It has since been updated for My TechDecisions’ audience.

The post LG CreateBoards Enhance Teaching in Jamestown Schools appeared first on My TechDecisions.

Productivity plays a huge role in a company’s financial health. Recent data from McKinsey & Company shows that productivity has barely grown in the U.S. (1.4%) since 2005. They also estimate that boosting U.S. productivity represents a $10 trillion opportunity.

Few teams feel the effects of unproductive work quite like IT. Their teams are typically small, and yet their work is overwhelming and mission-critical to keeping businesses moving forward. For instance, countless SaaS applications are now integral to the operations of every company, and yet one, often lean team is responsible for their upkeep and management.

That makes IT operations a potential bottleneck. Unsurprisingly, according to Evanta (a Gartner company), CIOs say increasing efficiency and productivity are top priorities for 2023.

The Manual Trap

SaaS applications, from project management, CRM and collaboration to MarTech and expense tools, are inseparable from our daily work. And our IT stacks are continuously increasing, with companies worldwide using an average of 130 apps in 2022.

My experience in the IT space has taught me that most IT teams still manage SaaS applications manually, attempting to track their licenses, users, and renewals via spreadsheets and provisioning/deprovisioning access to applications one by one. These bandwidth-crunched teams are wasting valuable (and expensive) time completing important yet mundane and repetitive tasks that are humanly impossible to keep up with – and, therefore, prime candidates for an automation-driven productivity boost.

The Onboarding/Offboarding Bottleneck

Two of the most time-intensive IT operations are onboarding and offboarding employees from SaaS applications.

Consider this scenario: A company is growing rapidly, hiring to fill the gaps they have across their organization to keep up with the high volume of work required to hit their increasing targets. Maybe they bulk-start new employees on one specific day, every two weeks.

If they have five employees starting on that day, IT first needs to receive the information that those employees are starting. They need to learn what departments those employees will work within and what tools are required for their roles. From there, they must provision access to those applications per employee and application. Endless Slack messages, clunky application backends and likely incomplete information eat up their day.

By the time they finish provisioning that group of new hires, the next group is likely just about to start. Any failures along that scattered onboarding process create a less-than-ideal onboarding experience and derail a new employee’s initial productivity.

On the flip side of this process is offboarding employees.

Manual offboarding requires IT to work with a departing employee’s manager to learn what apps they used (a less than scientific endeavor, particularly when you consider that many employees subscribe to apps on their own without others’ knowledge), and then manually deprovision them from every application. Beyond the time sink for IT, there is also a risk factor — failing to deprovision an employee from even one could leave sensitive company information accessible.

While handling these critical tasks in this manner is inefficient, it’s also indicative of the wasteful nature of manual IT operations. IT pros are highly technical and talented. Having them spend their time on tedious tasks distracts them from working on higher-value projects.

Related: ChatGPT-Like Microsoft 365 Copilot Will Be Coming to Microsoft Productivity Apps

Increase IT Productivity Through Automation

Gartner predicts that by 2025, 70% of organizations will implement structured automation to deliver efficiency, an increase from just 20% of organizations in 2021.

Despite that, Torii’s  survey of over 200 IT professionals found that less than half of respondents have fully automated most tasks, and only 13% reported great success with automation.

So what’s stopping IT from automating? Time: 58% cite insufficient staffing or time as significant challenges in automation implementation. It’s a chicken and egg scenario.

The only way forward is through investing in tools that help manage their SaaS stack, that also include intuitive automation capabilities.

Investing in any old automation, won’t cut it either. In the context of IT, how that automation integrates and interacts with your SaaS stack is key.

Solutions such as SaaS Management Platforms, with automation built-in, provide the visibility IT needs to understand their SaaS stack and associated users and costs, as well as with the actionability required to manage it.

For the onboarding/offboarding bottleneck, this means automatically discovering and surfacing every application in use at your company, first and foremost. From that point of centralized visibility, you can create workflows that automate previously time-intensive tasks (and eliminate the chance of things falling through the cracks) to free up your IT staff’s time (and improve results).

For example, the system can detect which department new hires work in and automatically provision access to the applications they’ll require. Equally for offboarding, when an employee leaves — since you’re aware of every application they’re utilizing, the same platform can automatically deprovision them once triggered by your IDP or HRIS.

These are just small examples of the automation opportunities for IT, but when you compare them to the manual alternatives, it’s easy to imagine the productivity gains you can garner.

As companies continue looking to save costs, greater productivity could fit the bill — as it improves the value of every dollar spent.

By better using time, you’ll enable your organization to optimize resource use and focus on the objectives that drive revenue. Those that invest in productivity now stand to earn more from the efficiency gains of the future.

The post Now’s The Time to Focus on IT Productivity appeared first on My TechDecisions.

Technology has been a passion of mine for a long time, so I have personally found it fascinating to watch the variety of opinions and perspectives unfold as technologies mature. It has challenged my thinking and preconceptions, and I recognize that as a leader and a human I need to address them.

I’ve covered everything from fundamental ethics and whether it is good or bad, through to more specific considerations like ‘what do I want from AI?’, and therefore ‘what might others want from it?’.

Naturally, it’s been hotly debated by my colleagues. The leadership team is considering how today’s and tomorrow’s versions of AI should shape our own role in AI creation and adoption.

We already know that artificial intelligence for IT operations (AIOps) is poised to take advantage of the benefits. At Avantra, we’ve long evangelized the value of automation to offset risk, better utilize skill and boost productivity and innovation. But the debate that surrounds AI has helped us understand that our next phase of technical development must be underpinned with even greater pragmatism and responsibility.

The latest numbers I saw suggest that every day, 100 million people are experimenting with the likes of ChatGPT and other Large Language Models (LLM), such as Bard. Numbers like this highlight the popularity and allure that machines still have. Just like the washing machine, if it makes life easier, why would you not use it?

Download: ChatGPT and Generative AI in the Workplace

Proceeding with Caution

However, even though world renowned university colleges are condoning the use of conversational AI tools, leading experts are urging caution — legalities, politics, economics and ethics are top of the list of concerns.

It was eloquently summed up by The Future Life Institute, which is made up of over 1,000 experts, in an open letter asking the industry to pause AI development, or risk humanity and society. LLMs are learning so much so fast, that we, as a species, haven’t had time to truly process the long term impact. Ethics are at stake.

Taking Responsibility is Urgent

I think it’s a responsible challenge. As I said before the headlines have provoked my own thinking to evolve and prompted me to consider whether such a warning could, should or even will stop our own industry from forging on.

This is where I think the application of AI must be balanced against the dilemma. Take the example of producing project documentation or new product technical summaries. Is using ChatGPT to create the first draft irresponsible or a boon for productivity, freeing up time for innovation in other areas? Similarly, with the introduction of ‘copilot’ tools, like Microsoft assistant, people can increase their productivity and have more time for other things, even just going to the gym. I can see how it could make a sustainable argument for a four day week and happier colleagues.

Can Conversational AI Help Our Industry?

Of course, in my world, the real advantage of introducing ML and AI is the ability to help customers find answers to the problems they face. Using conversational AI to mine a database of known and defined errors other businesses have encountered — be that on SAP or Google — would help practitioners arrive at answers far sooner and avoid a degradation in productivity.

The process would augment the value of the intelligence we aggregate and own and, as it’s a trusted source, accelerate decision making and the time to resolution (TTR). No human can realistically (nor would they want to) hold in their brain all the common problem scenarios and fixes.

I’ve tried to do this in my professional career, and though possible, it is exhausting. That’s why I believe, applying conversational AI to the common challenges our customers face would help highly qualified and skilled humans validate and implement the decisions they take.

I’d advocate that automating the interrogation of vast knowledge banks makes complete sense, especially when it helps skilled people get on with doing what they do best — running, managing, and developing world class ERP.

I should be clear that I am wedded to the notion that it’s important the wider industry runs the AI race in tandem with the ethics that protect humanity. We must thoroughly understand the implications at every point in development and put in place the checks, balances and regulation to ensure the values we hold dear are protected and enhanced, not obliterated.

In the world of AIOps there is real value to its adoption not least to ensure mission critical systems related to food supply or energy stay online. We must therefore consider the broad view of AI technology as well as our narrower domain. Only with a balanced view and appreciation of the accountability we assume as leaders, can we make the right choices.

John Appleby leads Avantra as the Chief Executive Officer. Before Avantra John served as the Global Head of DDM/HANA Center of Excellence at SAP and as the Global Head of SAP HANA solutions at Bluefin Solutions, subsequently acquired by Mindtree. John is a recognized thought leader in the SAP market and was part of SAP’s Mentors Group. John holds an MA in computer science from the University of Cambridge.

The post Does Conversational AI Have A Role to Play in AIOps? appeared first on My TechDecisions.

Planar Studios is a cooperative initiative designed to bring together experts, thought leaders and companies dedicated to the advancement of VP and XR. The Planar Studios Virtual Production Workshop reinforces Planar and OptiTrack’s ongoing commitment to helping make VP and XR solutions more accessible and streamlined in mainstream markets, says the company.

“VP and XR is a fast-growing market, and as global leaders with established histories of delivering state-of-the-art display and optical-tracking technologies, Planar and OptiTrack are strongly positioned to lay a framework for the AV and IT communities,” says Stephanie Hines, Planar and OptiTrack EVP. “The potential of VP and XR is widespread, transforming the way companies present content in entertainment, corporate, education and beyond. Planar and OptiTrack are dedicated to helping make this a reality for all.”

Monthly Virtual Production Workshops

Kicking off in August, Planar and OptiTrack will host the workshops at Planar’s headquarters in Hillsboro, Ore. Here, it offer hands-on learning experience in the many critical elements integrated in a VP and XR volume. August workshop attendees will thus get to learn about LED display technology design and motion capture for VP and XR applications from Planar and OptiTrack. Additionally, they will experience trainings from a broad range of organizations. This includes experts from Brompton Technology, Pixera, RED, optic8 and Kino Flo Lighting Systems. Participating organizations will vary from workshop to workshop. However, topic areas will remain consistent, the company says.

According to Planar, the new workshops are being held monthly. They will also feature a special guest sharing real-world experience and key learnings. Registration is currently open for workshops taking place August 21 to 25, as well as periodic sessions in the coming months.

“The pro AV and IT industries are being called upon to deploy VP and XR solutions. This presents new questions and opportunities that are outside of the traditional AV or IT role,” says Adam Schmidt, Planar and OptiTrack EVP. “Our new Planar Studios Virtual Production Workshop is comprehensive. It offers a thorough overview of the many components that go into a successful deployment. We’re honored to help guide the industry with such a diverse and notable group of technology experts.”

Workshop Agenda

Each workshop will thus include the following sessions:

• Evening Welcome Reception: Check out the volume at Planar headquarters while connecting with other VP and XR technology enthusiasts.
• LED Displays: In this AVIXA CTS-approved course, learn how to implement LED into VP and XR. This includes an all-encompassing look at the important qualities, features and specifications. Learn about maximizing use of display technology. These include display options, site preparation, mounting, installation and alignment.
• Video Processing: Explore LED processing functionality and key features such as on-screen image manipulation, color calibration and other workflows.
• Motion Capture: Dive into the essential elements of motion capture and camera-tracking technology that enable accurate, dynamic on-screen content.
• Content Engines: Get an introduction to the media servers and software platforms used for VP, including best practices, tips and tricks.
• Video Cameras: Review digital-cinematography options as camera manufacturers cover everything from shutter and lensing features to color control and more.
• Studio Lighting: Walk through cinema-graphic and studio-lighting concepts and techniques. Also become familiar with using different fixture types for traditional and VP and XR-specific applications.
• Volume Integration: Combine the various technologies that are key in implementing a successful VP and XR volume. Additionally, walk away with real-world knowledge from a special guest.

The Planar Studios Virtual Production Workshop, presented by Planar Academy, offers a broad selection of in-person and online training courses to help AV professionals expand and enhance their knowledge and skills. At the same time, they can earn valuable continuing education credits, the company notes.

To register for the Planar Studios Virtual Production Workshop, visit www.planar.com/VP-Workshop.

Another version of this article originally appeared on our sister-site Commercial Integrator on August 9, 2023. It has since been updated for My TechDecisions’ audience.

The post Planar Studios’ Virtual Production Workshop Aims to Expand AV & IT Industries’ Knowledge Base appeared first on My TechDecisions.

Every hybrid meeting space has the same fundamental needs. Of course, it goes without saying that audio is a critical component of any hybrid meeting. In-person participants must be able to hear remote participants clearly, while also ensuring that their own audio is captured and delivered reliably. But high-quality video and an easy-to-use meeting interface are equally critical to collaboration success. 

Each meeting space needs the right mix of products to deliver an excellent experience. Huddle spaces, boardrooms, training facilities and auditoriums all need specific solutions optimized for the events and activities that they contain. Meanwhile, clients want a consistent and seamless experience across every room in the workplace. Clients expect technology to help maximize their productivity and collaboration effectiveness while enhancing their overall experience. To achieve those ends, technology must be scalable and flexible, requiring minimal setup time. 

Grand Technology Refresh 

Erica Carroll, director, product marketing and training, Mersive Technologies, reflects on the beginning of the pandemic. “There was a mad scramble to make businesses and education institutions operational again,” she recalls. Indeed, COVID-19 forced even the most recalcitrant institutions into the digital world. In a sense, then, the pandemic paved the way for what Carroll describes as “a grand technology refresh.” She continues, “The investments made during that time were thoughtful, and [many organizations had] the time and space to truly plan for the future and what it might hold.” 

So, let’s try to differentiate thoughtful technology implementations from slapdash deployments. If you ask Beau Wilder, head of future customer experiences and product portfolio management, HP| Poly, the first step in finding the right solution is to do your homework on what hybrid work means in your client’s business. “I think with that understanding of what a day [or a week] in the life is like,” he continues. “It’s about choosing purpose-built solutions to meet those needs.” Wilder declares that, if integrators don’t understand and empathize with the client’s needs on a deep level, there’s no way to effectively futureproof. 

As Wilder puts it, “You may have the best technology that can last five to 10 years, but, if you don’t have the [vision of] what they’re trying to accomplish, you’re [just] making an expensive investment. Even if it holds up hardware-wise, it’s not going to deliver the right experience.” Thus, while upgradability is, of course, important to futureproofing, it’s equally important to comprehensively understand the client’s vision, needs and pain points. 

On the topic of upgrading and systems growth, Carroll speaks about how today’s hybrid approach, which combines hardware and software resources, can provide the best of all worlds as clients anticipate manufacturers migrating toward cloud-based collaboration solutions. “The hardware/software approach gives facilities the option to upgrade the hardware or software independently, allowing for more granular control over the system’s evolution,” she says. This, Carroll notes, helps stakeholders pace systems with the demands of work and education environments. 

If you ask Jeff Bethke about the concept of futureproofed technology, you’ll be met with some skepticism. The chief business officer at Level 3 Audio Visual (L3AV), a leading communications solutions provider, says, “Unless you have a crystal ball, there are no assurances that any technology is futureproofed.” However, he adds that one way to avoid costly “rip and replace” cycles is to lean into standards. “This is pretty much the case when you invest in a UCaaS appliance running Android or Windows,” Bethke explains. “If your business pivots from Teams to Zoom for video, you can change the application mode and be up and running on a new platform. Taking a different approach and focusing on USB connectivity for organizations embracing BYOD allows whatever the user brings in to connect to the room,” he says. 

According to Bethke, L3AV has worked with customers who don’t yet have a clear UCaaS platform strategy. “But,” he notes, “Zoom is on the roadmap. So, starting with a Zoom-certified appliance like a Poly Studio X Series that also supports BYOD is a great way to improve the meeting-room experience on day one. [It also] allows for an easy transition to a native Zoom Room experience when the organization is ready.” 

Interoperability  

Aligning with his advocacy for standards-based approaches, Bethke also points to interoperability as key. “Interoperability is a critical decision point and should be part of every discovery session with a customer,” he declares. “We’re seeing cloud video interop (CVI) discussions fade away as the major UCaaS platforms are releasing their own native interop. The best scenario for most is to have your native UCaaS experience but also [support] defined workflows to join meeting invites from other platforms with native interoperability from the main UCaaS provider.” It’s still a one-touch-to-join experience, Bethke reasons, if your organization’s main platform is Teams but if you can still forward a Zoom or WebEx meeting to that room. “Making sure end users understand that is key,” he underscores. 

Wilder further emphasizes the value of interoperability, especially amid the ascent of the cloud service provider model. “I think there’s an opportunity for companies like HP that sit at the edge to be able to bring a more seamless experience,” he says. In fact, if you ask Wilder, interoperability isn’t so much a technology problem anymore; it’s more a matter of business and politics. It’s incumbent on integrators, then, to recenter conference-room design on customer needs and wants, bringing gear into the room that will streamline the front-end experience for users. 

After all, employees have gotten used to entering and exiting multiple applications with the click of a button. If we can do that in our personal environment, why not in an office environment? And yet, as return-to-office efforts continue, many of us are still finding dedicated rooms optimized for specific types of meetings. “There’s a whole bunch of opportunities there to remove all that friction…take away all those pain points,” Wilder says. Now might be the ideal time to upgrade those pandemic-built spaces for a more worker-friendly future. 

Evolution of Meeting-Space Design 

Are the days of dedicated offices and desks nearly over? According to Wilder, today’s offices seem to be much more about hot-desking than about dedicated personal space. Bethke agrees that today’s workers are constantly on the move, and that fact manifests itself in conferencing and collaboration settings. He’s seeing more desire for video-first focused rooms and less desire for long rectangular tables. According to Wilder, “People are probably going into more antiquated conference rooms than they want to be.” 

There’s good reason to believe that future meeting environments will be very fluid. “Most companies are asking for help right now on what the future of meeting spaces can and should be,” Wilder notes. “I think where we’ll ultimately wind up is the spaces will become intelligent enough to adapt to the people in [them] versus forcing the people to learn the spaces that they walk into.” Already, spaces are starting to bend to the individuals who occupy them, rather than requiring team members to learn a new room every time they encounter one. “If one room has different gear, one room is set up for a Microsoft Teams call and another is set up for a Zoom call, we have to remove all that friction,” he declares. “We have the capability now with the technology in our hands to do that.” 

AI Investments 

Another element of futureproofing to bear in mind is AI, which most everyone expects to be a long-term disruptive force and whose evolution is moving incredibly fast. “The horse has already left the barn,” Wilder says. That being said, although AI is the shiny object capturing everyone’s attention, it’s still just another tool in the toolbox, enabling us to deliver better experiences. To that point, it’s incumbent on integrators to leverage AI so that companies can better understand how their workforce is working. For too long, stakeholders have had to guess when people were coming in, how they were using collaboration spaces, which spaces were successful, who was actually working in those spaces (and with whom), etc. 

“I think, with AI and the pace that it’s moving, we’re going to have just a whole other set of insights that, frankly, we can’t really anticipate just yet,” Wilder says. “It’s moving that fast. I think it’ll be everywhere.” 

Bethke agrees, adding that AI and automation will have an impact by moving beyond simply monitoring systems and toward creating micro-services and edge applications to gather data to drive reporting on whatever KPIs the organization values. “This type of thinking and architecture allows for any problem statement to be processed into a set of data to be gathered and processed to ultimately bring more value from our services to our customers,” he states. 

A Brighter, More Connected Future 

As AI continues to advance, today’s conferencing technology can identify where people are situated in a room, thus helping to deliver very human experiences. Remote employees can have an equal experience, bringing about the best of meeting equity. “We can now do that in a mixed environment, as well,” Wilder says. “I think that’s just the tip of the iceberg.” 

“Everyone has been forced to innovate and reimagine what could be and how people interact within these collaborative spaces,” Carroll remarks. “The industry has already laid the groundwork for what’s to come. We see a technology hybrid model that combines hardware and software continue to be the standard in education and corporate environments. Now, it’s about hardware and software working to create an experience out of a solution. We’re catapulting forward into a future that’s brighter and more connected.” 

Another version of this article originally appeared on our sister-site Commercial Integrator on July 26, 2023. It has since been updated for My TechDecisions’ audience.

The post Maximizing Technology Investments Post-Pandemic appeared first on My TechDecisions.

Barracuda Networks is urging organizations with Email Security Gateway appliances impacted by a remote command injection bug in the devices to replace them, even if they were patched.

The company’s recommendation comes after Barracuda was first alerted to anomalous traffic coming from Email Security Gateway (ESG) appliances on May 18, which prompted the company to begin an investigation with the help of cybersecurity firm Mandiant.

This week, Barracuda updated its notice, urging customers with impacted ESG appliances to replace them regardless of their patch version level.

“Barracuda’s remediation recommendation at this time is full replacement of the impacted ESG,” the company says in its advisory.

According to the advisory, Barracuda identified a remote command injection vulnerability in their ESG appliance one day after discovering the “anomalous traffic” and engaging Mandiant. A patch was released a day after that on May 20, but the patch is apparently not enough to prevent compromise of the affected devices.

The company is also releasing a “series of security patches” to all appliances.

Exploitation for 10 months

Alarmingly, Barracuda and other cybersecurity firms say exploitation of these ESG appliances has been discovered to date back to fall 2022, specifically October 2022.

According to Barracuda, the vulnerability existed in a module which initially screens attachments of incoming emails. The bug has been leveraged to obtain unauthorized access to a subset of ESG appliances, and malware was identified on a subset of appliances to give attackers a backdoor.

Evidence of data exfiltration was also identified, the company says.

The company notified users with impacted appliances to take action, but “additional customers may be identified in the course of the investigation,” the firm says.

About the vulnerability and malware

According to Barracuda, the vulnerability, CVE-2023-2868, stems from “incomplete input validation of user supplied .tar files as it pertains to the names of files contained within the archive.”

This allows a remote attacker to format file names in a particular manner that would result in “remotely executing a system command through Perl’s qx operator with the privileges of the Email Security Gateway product,” the company says.

Barracuda also identified three malware strains that make the backdoor possible.

Recommendations

Barracuda is recommending that organizations with ESG appliances ensure that the devices are receiving and applying updates and security patches, but the company is of course also recommending that organizations discontinue the use of compromised ESG appliances and contact the company’s support to obtain a new ESG virtual or hardware appliances.

In addition, organizations should rotate any applicable credentials connected to the ESG appliance, including:

• Any connected LDAP/AD
• Barracuda Cloud Control
• FTP Server
• SMB
• Any private TLS certificates

Organizations should also review their network logs for any of the indicators of compromise listed in Barracuda’s advisory. They should contact compliance@barracuda.com if any are identified, the firm says.

Barracuda’s official statement

The company’s official statement reads as such:

The latest information related to the Barracuda’s Email Security Gateway (ESG) vulnerability and incident has been published on Barracuda’s Trust Center (https://www.barracuda.com/company/legal). The product CVE is published here: https://nvd.nist.gov/vuln/detail/CVE-2023-2868. 

An ESG product vulnerability allowed a threat actor to gain access to and install malware on a small subset of ESG appliances. On May 20, 2023, Barracuda deployed a patch to ESG appliances to remediate the vulnerability. 

Not all ESG appliances were compromised, and no other Barracuda product, including our SaaS email solutions, were impacted by this vulnerability.

As of June 8, 2023, approximately 5% of active ESG appliances worldwide have shown any evidence of known indicators of compromise due to the vulnerability. Despite deployment of additional patches based on known IOCs, we continue to see evidence of ongoing malware activity on a subset of the compromised appliances. Therefore, we would like customers to replace any compromised appliance with a new unaffected device.

We have notified customers impacted by this incident. If an ESG appliance is displaying a notification in the User Interface, the ESG appliance had indicators of compromise. If no notification is displayed, we have no reason to believe that the appliance has been compromised at this time. Again, only a subset of ESG appliances were impacted by this incident.  

Barracuda’s guidance remains consistent for customers. Out of an abundance of caution and in furtherance of our containment strategy, we recommend impacted customers replace their compromised appliance. If a customer received the User Interface notification or has been contacted by a Barracuda Technical Support Representative, the customer should contact support@barracuda.com to replace the ESG appliance. Barracuda is providing the replacement product to impacted customer at no cost. 

If you have questions on the vulnerability or incident, please contact compliance@barracuda.com. Please note that our investigation is ongoing, and we are only sharing verified information. 

Barracuda has engaged and continues to work closely with Mandiant, leading global cyber security experts, in this ongoing investigation. 

We will provide updates as we have more information to share.

The post Barracuda: Replace Compromised ESG Appliances Immediately appeared first on My TechDecisions.

That includes Microsoft, which is attributing the attacks exploiting the bug, tracked as CVE-2023-34362, to a group it calls “Lace Tempest,” which is known for ransomware operations and running the Clop extortion site.

The Redmond, Wash. tech giant says the group has used similar vulnerabilities in file transfer tools to steal data and extort victims in the past.

In a series of tweets, the Microsoft Threat Intelligent Twitter account revealed several details on the attacks, saying exploitation is typically followed by deployment of a web shell with data exfiltration capabilities.

Microsoft is attributing attacks exploiting the CVE-2023-34362 MOVEit Transfer 0-day vulnerability to Lace Tempest, known for ransomware operations & running the Clop extortion site. The threat actor has used similar vulnerabilities in the past to steal data & extort victims. pic.twitter.com/q73WtGru7j

— Microsoft Threat Intelligence (@MsftSecIntel) June 5, 2023

According to Progress Software, the vulnerability in MOVEit Transfer could lead to escalated privileges and potential unauthorized access to the environment. MOVEit Transfer customers are advised to take immediate action to help protect their environment. Organizations are urged to apply the patch immediately.

According to a statement from a MOVEit spokesperson, the company promptly launched an investigation, alerted MOVEit customers about the issue and provided immediate mitigation steps. “We disabled web access to MOVEit Cloud to protect our Cloud customers, developed a security patch to address the vulnerability, made it available to our MOVEit Transfer customers, and patched and re-enabled MOVEit Cloud, all within 48 hours. We have also implemented a series of third-party validations to ensure the patch has corrected the exploit.”

Affecting all supported MOVEit Transfer versions, CVE-2023-34362 is an SQL injection vulnerability that could allow an unauthenticated attacker to gain access to MOVEit Transfer’s database.

“Depending on the database engine being used (MySQL, Microsoft SQL Server, or Azure SQL), an attacker may be able to infer information about the structure and contents of the database in addition to executing SQL statements that alter or delete database elements,” the company says.

In the meantime, the MOVEit says its continuing to work with cybersecurity experts to investigate the issue. A company spokesperson said in a statement, “We have engaged with federal law enforcement and other agencies with respect to the vulnerability. We are also committed to playing a leading and collaborative role in the industry-wide effort to combat increasingly sophisticated and persistent cybercriminals intent on maliciously exploiting vulnerabilities in widely used software products. Additional details are available on our knowledge base articles for MOVEit Transfer and MOVEit Cloud.”

Experts Weigh in On MOVEit Vulnerability

On Monday, reports of widespread exploitation came pouring in, as several security firms say their customers are under active attack.

Caitlin Condon, senior manager for security research at Rapid7, says the company has responded to alerts across a range of organizations from small businesses to enterprises with “tens of thousands of assets.”

There doesn’t appear to be any particular target vertical of organizational profile, Condon says, as victim organizations have so far included technology, insurance, manufacturing, municipal government, healthcare and financial services. The amount of data varies case by case, but Rapid7 has responded to “multiple incidents where several dozen gigabytes of data was stolen,” Condon says.

In a Rapid7 blog, the company says it has observed an uptick in related cases since the bug was disclosed last week, and the company’s researchers say the vulnerability was exploited at least four days prior to Progress Software’s first advisory on May 31.

These updates confirm what Satnam Narang, senior staff research engineer at Tenable, said last week, attributing the exploitation of file transfer tools to double extortion ransomware groups like Clop.

“While we don’t know the specifics around the group behind the zero day attacks involving MOVEit, it underscores a worrisome trend of threat actors targeting file transfer solutions,” Narang said last week. “Organizations that use MOVEit software should assume compromise and engage in incident response to determine the potential impact, if any.”

MOVEit customers are advised to check for indicators of compromise and unauthorized access over at least the past 30 days.

The post Ransomware Groups Confirmed to be Exploiting MOVEit Bug appeared first on My TechDecisions.

According to CNN, the C919’s first flight left Shanghai at 10:32 am. Sunday and landed at the Beijing Capital International Airport at 12:31 p.m. This is being hailed as an important moment in China’s strategy to boost domestic manufacturing by 2025 and reduce reliance on foreign companies in the aviation sector.

While manufactured in China, many of the airplane’s components do come from Western companies. Leading to further scrutiny of the aircraft’s development are allegations that a Chinese state-aligned adversar conducted cyber intrusions against several of those companies that make the C919’s components. These allegations are detailed in a lengthy and detailed 2019 report from cybersecurity firm CrowdStrike as well as a series of indictments against both cyber actors and insiders.

CrowdStrike could not be reached for comment, so this article is sourced entirely from the firm’s report and U.S. Department of Justice indictments.

In CrowdStrike’s report, the company says its research corroborates a series of DOJ indictments released over the course of two years during the C919’s development that highly suggests cyber actors from China, company insiders and state directives targeted foreign companies to fill key technology and intelligence gaps to better compete with against the western aerospace industry.

“What follows is a remarkable tale of traditional espionage, cyber intrusions, and cover-ups, all of which overlap with activity CrowdStrike Intelligence has previously attributed to the China-based adversary TURBINE PANDA,” CrowdStrike said in the 2019 report, alleging that the operations can be traced back to China’s Ministry of State Security’s (MSS) Jiangsu Bureau, the alleged perpetrators of the infamous 2015 U.S. Office of Personnel Management (OPM) breach.

Cyberattacks beginning in 2010

According to CrowdStrike, Turbine Panda, conducted cyber intrusions against between 2010 and 2015 against foreign manufacturers of aviation components, including many that were chosen for the C919.

The state-owned enterprise (SOE) Commercial Aircraft Corporation of China announced in December 2009 that it had chosen CFM International’s (a joint venture between U.S.-based GE Aviation and French aerospace firm Safran, formerly Snecma) LEAP-X engine to provide a custom variant engine, the LEAP-1C, for the then-newly announced C919.

Despite the deal, both COMAC and fellow SOE the Aviation Industry Corporation of China were believed to be tasked by China’s State-owned Assets Supervision and Administration Commission of the State Council (SASAC) with building an “indigenously created” turbofan engine that was comparable to the LEAP-X, CrowdStrike says in its report. In 2016, the Aero Engine Corporation of China produced the CKJ-1000AX engine, which bears multiple similarities to the LEAP-1C engine.

While CrowdStrike admitted that it is difficult to assess if the Chinese engine is a direct copy, the cybersecurity firm said it is highly likely that its makers benefitted significantly from the cyber campaign of the Jiangsu Bureau of the MSS (JSSD).

CrowdStrike, citing its own intelligence reporting and U.S. government sources, says the Chinese government uses a “multi-faceted system” of forced technology transfer, joint ventures, physical theft from insiders and cyber espionage to acquire information to fill key knowledge gaps.

One DOJ indictment, CrowdStrike says, describes initial preparatory action that included compromising Los Angeles-based Capstone Turbine servers and later using a doppelganger site as a strategic web compromise (SWC) in combination with DNS … to compromise other aerospace firms.”

From 2010 to 2015, the linked JSSD operators are believed to have targeted a variety of aerospace-related targets … using two China-based APT favorites, PlugX and Winnti, and malware assessed to be unique to the group dubbed Sakula.

Many individuals associated with the campaign are “assessed to have storied histories in legacy underground hacking circles within China dating back to at least 2004,” CrowdStrike says, citing the DOJ.

Indictments

As detailed in CrowdStrike’s report, the U.S. Department of Justice released several indictments from 2017 through October 2018, charging several individuals with activities related to theft of trade secrets and hacking related to the development of the C919.

The indictments were against Sakula developer YU Pingan, JSSD Intelligence Officer XU Yanjun, GE employee and insider ZHENG Xiaoqing, U.S. Army Reservist and assessor JI Chaoqun, and 10 JSSD-affiliated cyber operators.

“What makes these DoJ cases so fascinating is that, when looked at as a whole, they illustrate the broad, but coordinated efforts the JSSD took to collect information from its aerospace targets,” CrowdStrike says in its report. “In particular, the operations connected to activity CrowdStrike Intelligence tracked as TURBINE PANDA showed both traditional human-intelligence (HUMINT) operators and its cyber operators working in parallel to pilfer the secrets of several international aerospace firms.”

Insiders

CrowdStrike and the DOJ also detail how insiders and IT employees helped steal information and coverup the cyber activities, offering new insight into how adversaries leverage a wide variety of tools and techniques to accomplish their goals.

According to CrowdStrike and the DOJ, a GE insider was charged with using “an elaborate and sophisticated means” to steal GE trade secrets after being recruited by a Chinese aerospace official closely aligned with the country’s Ministry of Industry and Information Technology.

In addition, IT employees at the Canada-based International Civil Aviation Organization (ICAO), the United Nations body that sets global aviation standards, allegedly covered up a cyber intrusion by another alleged China state-sponsored actor that had been observed targeting the aviation industry.

CrowdStrike, citing public reporting, says the intrusion at ICAO was “likely designed to facilitate a strategic web compromise (SWC) attack … that would easily provide a springboard to target a plethora of other aerospace-related as well as foreign government victims.”

“Upon being alerted to the breach by the Aviation Information Sharing and Analysis Center (AISAC), the ICAO internal IT investigation staff was reportedly grossly negligent, and the cyber intruders may have had direct access to one of their superuser accounts,” CrowdStrike says in its report. “In addition, a file containing a list of all the potential organizations who were compromised by the incident mysteriously disappeared during further investigations.”

Both the ICAO IT supervisor in charge of the mishandled internal investigation and the ICAO’s secretary general who shelved recommendations to investigate the IT supervisor and his four team members, were both found by CrowdStrike to have ties to China’s aviation industry, CrowdStrike says.

Takeaways from four years later

This article is just a snippet of CrowdStrike’s reporting and what Turbine Panda and other associated groups are alleged to have done to help boost the Chinese aviation sector. But more than that, it tells the tale of how advanced persistent threat (APT) groups and other sophisticated threat actors will go to extraordinary means to accomplish their end goals.

That includes advanced hacking techniques, leveraging insiders, physical theft and collaborating with the massive underground cybercrime community to launch multi-faceted attacks against a particular organization or industry.

The post The Cyberattacks and Insider Threats During The Development of China’s C919 Passenger Jet appeared first on My TechDecisions.

The event will feature over 350 exhibiting brands and more than 150,000 net square feet of exhibits, demo rooms and new product activations.

“We are energized for CEDIA Expo 2023,” says Jason McGraw, CTS, group vice president for CEDIA Expo, Commercial Integrator Expo and KBIS, Emerald. “This September’s show returns to Denver and will feature an incredible array of leading technology brands unveiling the future of integrated residential systems technologies and solutions. Attendees can network with new and returning exhibitors showcasing their latest products hands-on at the in-person show. We believe many attendees will find immense value in the co-location of CEDIA Expo and Commercial Integrator Expo.”

He continues, “The growth in systems integrators, designers, distributors, architects, home builders and contractors expanding their businesses with commercial and resimercial projects has created a unique opportunity to deliver professional development and business networking to accelerate business growth.”

The three-day event will unite over 18,000 industry professionals in the home technology, design, architecture and construction industries with leading manufacturers across the fields of AV, security, control, lighting, wellness and much more.

Why IT Professionals Should Attend Commercial Integrator Expo

Networking & Education Sessions

In addition, various networking and educational sessions will be held throughout the conference.

The returning Innovation Hub and Smart Stage will feature a completely refreshed lineup of speakers and topics, while many more educational opportunities will be offered through the Manufacturer Product Training and CEDIA Conference.

The co-location of CEDIA Expo 2023 and Commercial Integrator Expo 2023 will offer educational opportunities, networking and new product exploration. Attendees with registration for CEDIA Expo 2023 will have access to the Commercial Integrator Expo 2023 exhibits. Additionally, CEDIA members will receive free access to the show floor. With the All-Access CEDIA Training Pass, CEDIA members can save $500 on CEDIA Education offerings. Additional information for the CEDIA Conference will be shared over the coming weeks.

Registration for CEDIA Expo from September 6 through September 9, 2023, in Denver, CO can be found on CEDIA’s website. Non-CEDIA members should register before June 4, 2023, to receive Super Saver prices for show floor and training passes.

In the meantime, the My TechDecisions  Commercial Integrator and CE Pro team can’t wait to see everyone at the show!

The post Commercial Integrator Expo & CEDIA Expo Registration Now Open appeared first on My TechDecisions.

Like other tech giants, the company used its event to make important announcements in generative AI to help accelerate its enterprise adoption with Red Hat OpenShift AI, as well as several new capabilities in its automation platform Ansible.

The company is also focusing on simplifying management for Red Hat Enterprise Linux and securing the software supply chain.

Let’s look at the more notable announcements from the Raleigh, North Carolina-based tech firm’s announcements at its Red Hat Summit event in Boston, Mass.:

Red Hat OpenShift AI and Generative AI

According to Red Hat, the company is building and expanding upon the capabilities of OpenShift and OpenShift Data Science with OpenShift AI to give IT operations leaders, data scientists and developers a unified solution to train, serve, monitor and manage the lifecycle of artificial Intelligence (AI) and machine learning (ML) models and applications.

The company says Red Hat OpenShift AI underpins the generative AI services of IBM watsonx.ai, IBM’s new AI platform designed to scale intelligent applications and services across all aspects of the enterprise.

Red Hat says OpenShift AI solves a few key issues: the infrastructure-intensive training of AI models and requirement of specialized platforms and tools before serving, tuning and managing the model. OpenShift AI provides the infrastructure consistency across training, deployment and difference, the company says.

OpenShift AI provides a standardized foundation for creating production AI/ML models, as well as running the resulting applications, along with the ease-of-use and cloud-to-edge deployment options of OpenShift, the company says.

OpenShift AI provides several technology partner offerings, including Anaconda, IBM Watson Studio, Intel OpenVINO and AI Analytics Toolkit, NVIDIA AI Enterprise and Starburst, as well as 30 additional certified partners as part of the OpenShift ecosystem.

Customers with regulatory and compliance requirements, including air-gapped and disconnected environments can use OpenShift AI on -premises, while customers can also develop models in the public cloud and deploy them on-premises or at the edge, the company says. This provides a unique hybrid MLOps environment that enables collaboration between IT, data science and application developers, the company says.

According to Red Hat, new enhancements to OpenShift AI include deployment pipelines for AI/ML experiment tracking and automated ML workflows, model serving with GPU support for inference and custom model serving runtimes, and model monitoring to help organizations manage performance.

Ansible Lightspeed with IBM Watson Code Assistant

OpenShift AI, Red Hat says, is the base of IBM’s new AI enhancements including IBM Watson Code Assistant, to deliver domain-specific AI to IT organizations and developer teams.

This is done by bringing IBM Watson Code Assistant to Ansible, giving users the ability to write Ansible Playbooks with AI-generated recommendations. This new service is designed to help drive consistent and accurate automation adoption across an organization, the company says.

According to Red Hat, Ansible Lightspeed is the next phase of its Project Wisdom initiative, making it available to users, contributors, customers and Red Hat’s partner ecosystem. The service integrates with Watson Code Assistant, which will be available later this year. This allows access to IBM foundational models to quickly build automation code.

Event-Driven Ansible

Sticking with the IT automation theme, Red Hat also announced Event-Driven Ansible, a scalable solution designed to expand how organizations activate automation as a reliable strategy across the hybrid cloud.

The solution, slated for availability in June, is for Red Hat Ansible Automation Platform 2.4 customers; is designed to connect infrastructure and application observability tools with enterprise-grade Ansible automation, helping IT teams to pre-determine and define rules to initiate automated responses to situations like unresponsive system processes or unauthorized access requests.

When an event is trigged, the solution automatically executives the desired action via Ansible Playbooks or direct execution modules, with the ability to chain multiple events together into more complex automation actions, Red Hat says.

Event-Driven Ansible integrates with event sources form third-party monitoring, observability and IT tools, including Cisco ThousandEyes, CyberArk, Dynatrace, F5, IBM Instana, IBM Turbonomic, Palo Alto Networks, with additional partner integrations to follow.

Supplementary Red Hat-developed content is available for Red Hat OpenShift, Red Hat Insights, AWS, Microsoft Azure, Google Cloud Platform and ServiceNow, the company says.

Red Hat Enterprise Linux management

To help organizations better manage Red Hat Enterprise Linux, Red Hat is launching new capabilities in Red Hat Insights to give IT teams more insight and management tools to find and resolve IT issues much faster across the hybrid cloud. The tools are available through any browser via console.redhat.com and are designed to unify the management of Red Hat Enterprise Linux deployments in a single user interface, the company says.

According to Red Hat, these expanded capabilities build on the information provided by existing Red Hat Insights’ predictive analytics, which can detect potential bugs, misconfigurations or security vulnerabilities using Red Hat’s expertise in running Linux platforms in critical production environments.

The enhancements allow IT administrators to fix bugs without needing Red Hat Satellite Server and act on server groups simultaneously using patch templates, as well as build standardized operating system images that comply with organization-specific requirements.

Red Hat Advanced Cluster Security Cloud Service

According to the company, Red Hat Advanced Cluster Security Cloud Service is a new service that brings together Kubernetes-native security capabilities with a fully Red Hat-managed offering to help organizations take a security-forward approach to building, deploying and maintaining cloud-native applications regardless of the underlying Kubernetes platform.

The managed service supports both Red Hat OpenShift on private and public clouds and non-Red Hat Kubernetes services across major cloud providers, including Amazon EKS, Google GKE and Microsoft AKS, bringing security coverage to containerized applications regardless of where they are deployed.

Organizations can scale security capabilities across multiple clusters, whether on-prem or in the cloud while lowering operational costs by reducing the learning curve for implementing Kubernetes-native security without sacrificing necessary capabilities or enforcement, the company says.

Red Hat Trusted Software Supply Chain

Red Hat announced its Trusted Software Supply Chain Solution designed to protect against software supply chain vulnerabilities. The company says two new cloud services, Red Hat Trusted Application Pipeline and Red Hat Trusted Content, are joining in preview mode the existing Red Hat software and cloud services, including Quay and Advanced Cluster Security (ACS), to advance the successful adoption of DevSecOps practices, and embed security into the software development lifecycle.

Essentially, Red Hat Trusted Software Supply Chain allows customers to more efficiently code, build and monitor software using proven platforms, trusted content and real-time security scanning and remediation.

The solution allows customers to import git repositories and configure container-native continuous build, test, and deployment pipelines via a cloud service; inspect source code and transitive dependencies auto-generate Software Bills of Materials and verify and promote container images via a release criteria policy.

Visit the Red Hat Summit newsroom to learn more about these announcements and others.

The post Red Hat Summit 2023 Releases: AI, Automation, IT Management, Security appeared first on My TechDecisions.