Cisco | September 25, 2023
Cisco and Splunk are joining forces to advance organizations from reactive threat handling to proactive threat anticipation and prevention.
Together, they will emerge as a major global software entity, boosting Cisco's shift towards recurring revenue.
This collaboration unites two esteemed workplaces with shared values, robust cultures, and skilled teams.
The synergy between these pioneering companies positions them for leadership in AI-driven security and observability.
Anticipated to yield positive cash flow and improved gross margins in the initial fiscal year following the merger, with non-GAAP EPS enhancement expected by year two.
Cisco and Splunk, the leader in cybersecurity and observability, today announced a definitive agreement under which Cisco will acquire Splunk for $157 per share in cash, representing an equity value of approximately $28 billion. Gary Steele, president and CEO of Splunk, will join Cisco's Executive Leadership Team upon completion of the acquisition, reporting to Cisco chair and CEO Chuck Robbins.
Chair and CEO of Cisco, Chuck Robbins, remarked,
We're excited to bring Cisco and Splunk together. Our combined capabilities will drive the next generation of AI-enabled security and observability. From threat detection and response to threat prediction and prevention, we will help make organizations of all sizes more secure and resilient.
[Source: Cision PR Newswire]
Every company relies on data to operate its business and make mission-critical choices in today's hyper-connected environment. Accelerating and adopting generative AI, growing danger surfaces, and different cloud environments offer unprecedented complexity for enterprises. To be digitally resilient, organizations must better manage, preserve, and unleash data's value.
Gary Steele, president and CEO of Splunk, stated that they would together form a global security and observability leader that will harness the power of data and AI to deliver outstanding customer outcomes and transform the industry. Steele added that they’re eager to join forces with a trusted and long-time partner who shares their passion for innovation and top customer experience, and they expect their community of Splunk employees to benefit from the greater opportunities as they bring together two purpose-driven and respected organizations.
Cisco and Splunk will give insight across hybrid and multi-cloud systems, enabling clients to provide seamless application experiences for digital enterprises. The companies can help other organizations responsibly use AI due to their scale, data visibility, and trust. These two firms will unite to invest more in innovative products, accelerate innovation, and expand globally to serve clients of all sizes. The transaction is expected to be cash flow positive and gross margin accretive in the first fiscal year post-close, with non-GAAP EPS accretive in year two. The acquisition is subject to regulatory approval and customary closing conditions, including approval by Splunk shareholders.
Advisors for the Cisco-Splunk acquisition include Tidal Partners LLC, Simpson Thacher & Bartlett LLP Cravath and Swaine & Moore LLP, among others.
Enterprise Security, Platform Security, Software Security
Prnewswire | July 19, 2023
Legit Security, a cyber security company with an Application Security Posture Management platform that helps organizations deliver fast and secure software releases, today announced that it discovered Continuous Integration/Continuous Delivery (CI/CD) security vulnerabilities in open-source projects from Google. The Legit Security Research Team found a vulnerability leveraging "GitHub environment injection" that allows attackers to take control of a vulnerable project's GitHub Actions CI/CD pipeline. In this case, any GitHub user could exploit the vulnerability found in the Google Orbit project to modify the project's source code, steal secrets, move laterally inside an organization and ultimately initiate a SolarWinds-like software supply chain attack. Google acknowledged and fixed the vulnerabilities after disclosure by Legit Security. For an in-depth description of the vulnerability and information on how to protect your organization, please visit the technical disclosure blog.
GitHub Actions is part of the extremely popular GitHub source code management system at the heart of many organization's software supply chains and used by software developers globally. The recently discovered vulnerability relates to GitHub's special environment variables file called "GITHUB_ENV", which is used to control the pipeline container's environment variables. The vulnerable project had a GitHub Actions workflow that wrote untrusted user input into the GITHUB_ENV file.
Legit Security's Research Team discovered that a specially crafted payload written to this file could allow an attacker to execute code on the target pipeline and thereby modify the source code or compromise the repository itself. This attack can be initiated by any GitHub user and is very easy to implement just by creating a pull request. The simple act of submitting the request will trigger the vulnerable build action and carry out a successful compromise. The attacker does not need a code review approval from the maintainer since the vulnerable build action is running on the pull request before the code is merged.
The Legit team disclosed these issues via Google's vulnerability disclosure program, along with remediation guidelines, and verified that these vulnerabilities weren't exploited by a malicious actor. The Google project vulnerability was remediated quickly and is now safe.
Unfortunately, there are many other projects using GitHub Actions that are susceptible to this same attack. Since using the GITHUB_ENV file is currently the widely accepted way to change environment variables in GitHub Actions, many repositories are using workflows that write untrusted data into this file, leaving them exposed these potential supply chain attacks.
This type of vulnerability joins a large number of other disclosed vulnerabilities and successful supply chain attacks targeting popular open-source libraries. The Legit Security Research Team has previously discovered a wide range of vulnerabilities in popular Source Code Management systems including GitHub, as well as other Software Development Lifecycle Management (SDLC) systems and infrastructure commonly found in an organization's software supply chain.
About Legit Security
Legit Security provides application security posture management to ensure secure application delivery, governance and risk management from code to cloud. The platform's unified application security control plane and automated SDLC discovery and analysis capabilities provide visibility and security control over rapidly changing environments and allow security issues to be prioritized based on context and business criticality to improve security team efficiency and effectiveness.
OpenAI | September 07, 2023
OpenAI unveils ChatGPT Enterprise, which provides businesses with enterprise-grade advanced capabilities.
ChatGPT Enterprise offers a brand-new administrator portal with tools to manage how employees utilize ChatGPT within an organization.
The launch of ChatGPT Enterprise coincides with intensifying competition in the chatbot domain with companies such as OpenAI, Google, Microsoft, and Anthropic.
According to OpenAI, artificial intelligence can enhance numerous aspects of professional lives and increase team creativity and productivity. This represents an important milestone in the development of an AI assistant for the workplace that can help with any task, which is tailored to business needs and protects sensitive information.
OpenAI, an industry-leading AI research and deployment organization that conducts research and implements machine learning (ML), announced the introduction of ChatGPT Enterprise. The latest product offers enterprise-grade protection and privacy, extended context windows for processing longer inputs, limitless higher-speed GPT-4 access, customization possibilities, additional data analysis capabilities, and much more.
ChatGPT Enterprise introduces an all-new admin portal equipped with essential tools for managing and controlling ChatGPT's usage within a company. These tools include domain verification integrations, single sign-on integrations, and a user-friendly dashboard packed with usage statistics. Employees can leverage ChatGPT to streamline internal processes and construct internal workflow through easily shareable discussion templates. Additionally, businesses have the option to tailor ChatGPT-powered solutions to their specific needs by utilizing credits on OpenAI's API platform.
OpenAI’s latest product grants users unrestricted access to an advanced data analysis feature previously known as Code Interpreter. This capability empowers ChatGPT to proficiently analyze data, solve mathematical problems, create charts, and perform a range of other tasks.
Both ChatGPT Plus and ChatGPT Enterprise operate on the powerful GPT-4, OpenAI's cutting-edge AI model. However, ChatGPT Enterprise customers enjoy priority access to GPT-4, which boasts twice the speed of the standard GPT-4 model and an expanded context window that accommodates up to 32,000 tokens, equivalent to approximately 25,000 words.
The introduction of ChatGPT Enterprise overlaps with intensifying competition in the chatbot sector. OpenAI, Google, Microsoft, and Anthropic are engaged in an intense AI arms competition. In addition to releasing new chatbot applications, their objective is to introduce innovative features that encourage the widespread adoption of generative AI in daily operations.
Google and Microsoft, for example, are continuously refining their respective Bard and Bing chatbots with innovative features such as visual search. In the meantime, Anthropic, an AI startup founded by former OpenAI executives, has made a splash with its AI chatbot, Claude 2.