The Kaseya backup line is growing, following the company’s acquisitions of two data protection vendors. Now Kaseya is adding a program that guarantees customers to managed service providers.
In 2018, the IT management firm acquired cloud-to-cloud backup vendor Spanning and backup and recovery provider Unitrends. Both Spanning and Unitrends continue to operate as a stand-alone independent business unit within Kaseya, which is based in New York City.
Spanning, which backs up data stored in SaaS applications such as Office 365, Salesforce and G Suite, is a quickly surging part of Kaseya business.
“The Office 365 market is on fire,” said Kaseya CEO Fred Voccola.
Kaseya acquired Spanning in October. At the same time, it also launched Kaseya Office 365 Backup powered by Spanning.
On the Unitrends front, Voccola said Kaseya uses Unitrends technology throughout its product offerings.
“IT is getting more complex than it’s ever been. It’s great technology and it’s also easy,” Voccola said of Unitrends.
Kaseya backup offering a ‘Done Deal’
Kaseya backup is aiming to make the customer acquisition process easier for managed service providers (MSPs) with a new “Done Deal” program that officially launched this month.
The program contractually commits Kaseya to provide a paying customer to the MSP within 90 days.
Voccola said many MSP leaders struggle with sales and marketing.
“Very rarely are they professionally trained, go-to-market executives,” he said.
Unitrends MSP CEO Mike Sanders added: “They have an opportunity to get in front of new customers, which is the single most difficult thing MSPs go through.”
Voccola would not publicly disclose details about how Kaseya gets the customers to MSPs. Kaseya, though, plans on providing 3,000 customers over the next year. A typical customer is an SMB looking to work with an MSP, Voccola said.
The Unitrends and Kaseya backup program is out in North America as well as part of the Europe, Middle East and Africa (EMEA) market. Kaseya is looking to launch it in more of EMEA and beyond in 2019.
“I’ve never seen a program receive as much enthusiasm as this,” Voccola said.
Kaseya claims about 15,000 MSP customers.
Kaseya and Unitrends look ahead
Sanders said that while there is a lot of synergy between Unitrends and Kaseya, Unitrends’ independence from its owner is a major reason why the integration is going smoothly.
“You hear a lot of acquisition stories that don’t go this way,” Sanders said.
Unitrends is looking to use Kaseya technology more in its product set. It’s also looking for more opportunities like the Done Deal program. Sanders said he has a couple of product ideas and anticipates announcements over the next few months.
Kaseya’s acquisition of Unitrends brought together remote monitoring and management, endpoint management, network monitoring and management, professional services automation, security, and backup and disaster recovery. The Kaseya backup acquisition was similar to the 2017 merger of IT management provider Autotask and data protection vendor Datto.
Sanders referred to Datto as his company’s biggest competition.
Edwin Yuen, senior analyst at Enterprise Strategy Group, said that while the convergence of data protection and data management has been a key trend lately, it’s starting to go a step further.
“Data protection is now becoming part of systems’ management as a whole,” Yuen said.
That includes security, compliance, backup and recovery all working together, and an overall better understanding of applications and systems.
“That’s something you’ll see more,” Yuen said.
Voccola said in the next year he anticipates Kaseya will make several more acquisitions.
NetApp beat its guidance and analysts’ expectations for last quarter’s revenue and income, and also exceeded expectations for technology buzzwords used during its earnings call.
“Our opportunity is framed by the data-driven digital transformation of business and defined by major technology transitions, led by cloud, IoT and artificial intelligence,” CEO George Kurian said during NetApp’s earnings call Wednesday. “The adoption of hybrid multi-cloud environments is changing how modern IT infrastructures are built and consumed, and NetApp is at the heart of these transitions.”
Kurian hit almost all the technology hot areas, but that was the point. Extending the vendor’s message from last month’s NetApp Insight, Kurian positioned the NetApp Data Fabric as a bridge from on-premises flash to edge and cloud storage. He said NetApp made strides in all areas, although all-flash growth slowed and its hyper-converged private cloud product does not yet have enough revenue to break out.
NetApp revenue of $1.52 billion grew 7% year-over-year and its product revenue of $913 million increased 11% over last year. The vendor’s financial health is sound. NetApp’s income of $241 million increased from $174 million in the same quarter last year, and it finished the quarter with $4.3 billion in cash. NetApp revenue has grown at least 7% for five straight quarters, and the vendor has shown a profit in four of those quarters.
Yet NetApp’s guidance indicates a slowdown in growth coming this quarter. The midway point of its revenue forecast of $1.55 billion and $1.65 billion implies only a four percent year-over-year increase. NetApp CFO Ron Pasek pointed to several “headwinds” impacting that guidance, including currency rates, interest rates, and trade disputes with China.
“We’re just generally cautious trying to maintain our track record of providing clear guidance and meeting or beating it,” Kurian said. “I don’t think there is anything that you should read into it that shows less confidence.”
Here is where NetApp stands in its main product areas of flash, cloud and hyper-convergence:
NetApp reported 29% revenue growth from all-flash systems, including its flagship All-Flash FAS arrays as well as its E Series and SolidFire storage (including NetApp HCI). That’s down from 50% year-over-year growth in the previous quarter. Kurian said NetApp has not dropped pricing in reaction to the lower cost of NAND.
Kurian said, despite a sharp growth in all-flash systems, NetApp still sells a mix of hybrid arrays that include hard disk drives. All-flash arrays remain around 14% of NetApp’s installed base, the same total as the previous quarter.
“We still have a small percentage of our installed base on all-flash arrays, so there is plenty of headroom,” Kurian said.
Kurian said customers are moving to NVMe drives but it’s still early for NVMe over Fabrics, which he called “the truly strategic part of the NVMe roadmap. It will take time to adopt, like any new storage protocol.”
Kurian said hybrid arrays using flash for performance in combination with high-capacity hard disk drives “will continue to be an ongoing percentage of our business for as long as I can see.”
Cloud data services
NetApp launched a bevy of cloud-related storage products at Insight. Kurian said NetApp is in the early stages of selling to hyperscale data centers but has seen early success with Cloud Volumes OnTap for application developers.
“Our unique differentiator is cloud integration,” Kurian said. “Our entire portfolio is made stronger by the Data Fabric and our ability to support a hybrid multi-cloud environment.”
NetApp claimed $27 million in revenue from monthly recurring cloud data services. That was a 35% increase from the previous quarter.
NetApp still isn’t breaking out its HCI revenue, about a year after entering that market. But Kurian said he is happy with NetApp HCI’s success so far. He said NetApp’s HCI approach of selling storage and compute in separate nodes instead of in one chassis is working. NetApp positions HCI as a private cloud building block that connects to public clouds in a hybrid setup.
Pasek said the company runs into traditional HCI players Nutanix and VMware in most hyper-converged deals.
“I think that we are seeing more new competitors as we attack the hyper-converged market,” Kurian said. “So, we are expanding our competitive assault on hyper-converged market.”
ClearSky Data today scored $20 million in funding and a partnership with Equinix to expand coverage for its managed storage services.
New investor Pear Tree Partners participated in the funding round, with previous investors General Catalyst, Highland Capital Partners and Polaris Partners joining. Another investor, described by ClearSky as “a market-leading technology provider,” also participated but asked not to be identified. The funding brings ClearSky’s total to $59 million.””
ClearSky Data launched in late 2015 with a managed service that uses on-premises appliances for hot data, its Points of Presence (POP) data centers for warm data and public clouds for data protection.
The vendor has since expanded its technology offerings. In 2017 it added automated backup and disaster recovery services. ClearSky followed with a NAS service for file data and support for object storage through VMware Cloud on AWS this year.
ClearSky founder and CEO Ellen Rubin said the funding as well the Equinix partnership will accelerate its expansion of POP locations. ClearSky has POP sites in Boston, New York, Chicago and Ashburn, Virginia. Rubin said the goal is to triple that total and cover the entire United States within the next year.
“Our goal is to expand westward,” she said.
Geographic expansion is crucial because ClearSky Data caches warm data at POP within 120 miles of customer sites.
Rubin said ClearSky has around 35 employees, and she expects to double sales, marketing and customer support staff with the funding.
“We’re looking for ways to be more accessible and in more places in short order,” she said.
The Equinix deal will also help ClearSky’s expansion. ClearSky uses Equinix data centers for its Ashburn and Chicago POP sites, but now will integrate its technology on Platform Equinix interconnected global data centers.
“We’ve been a customer of Equinix. This is a deeper level integration,” Rubin said. “They feel and we feel enterprise customers are looking to have more services that build a nice balance of what’s going on at the customer data center or at the edge. Connectivity from the data center to the edge is still hard. We’re a data management layer, and it’s always the data that’s hard.”
Rubin said ClearSky’s revenue for the first half of 2018 doubled the full-year 2017 revenue. She expects revenue in the second half of 2108 to also at least double 2017 revenue. She won’t say how many customers ClearSky has, but the provider lists Partners HealthCare, Massachusetts General Hospital, Nuance Communications and Unitas Global as customers.
Rubin said some of those companies use ClearSky for all their backup and disaster recovery needs, while some large organizations turn specific workloads over to the cloud storage startup.
Maxta is bringing predictive analytics into hyper-convergence.
Maxta Hyperconvergence software runs on x86 hardware using VMware or Red Hat Enterprise Virtualization hypervisors to create hyper-converged clusters. Today it officially launched MxIQ analytics, which is designed to work similarly to the predictive analytics that have become popular on storage arrays.
Unlike performance analytics running on storage arrays, though, MxIQ analyzes logs on servers, hypervisors and networking devices as well as storage.
“We heard from partners and customers that they were flying blind, they didn’t know when they were running out of capacity or performance,” Maxta VP of product management Kiran Sreenivasamurthy said. “They did not have hard data to understand the behavior of a cluster.”
MxIQ is a free feature built into Maxta Hyperconvergence software but Sreenivasamurthy said Maxta will consider charging for advance features planned in future releases. For now, all new Maxta customers and those who upgrade to the latest software version (3.4.1) have access to Maxta MxIQ.
“In the future, we’re looking at applying changes at customers’ sites using recommendations based on machine learning,” Sreenivasamurthy said. “We’ll react to changes that we see and anomalies that we detect.”
Maxta MxIQ looks at compute, storage, network and virtualization under management of Maxta software to determine and forecast system health and availability. Sreenivasamurthy said MxIQ can tell customers if a drive is close to failing, whether new components are compatible with existing hardware, and if performance issues are caused by storage, compute or networking. The software sends capacity and availability alerts and shows usage trends. MxIq uses statistics from its entire customer base to make its forecasts.
Maxta MxIQ consists of software that runs on AWS or in a customer’s data center and agents that install on all severs in a cluster. The agents collect information on the servers and send them to the software running on AWS or in the data center.
Sreenivasamurthy said customers can opt out of sharing their information from one cluster, an individual server or from any of their servers. He said at least 10 customers have used the software during its early release program.
MxIQ runs in active mode in one server in each cluster and runs in passive mode on the other servers. If the active server fails, one of the passive devices in that cluster becomes active.
MxIQ has three levels of user privilege – customer, partner and admin. Partners are service providers or other Maxta partners who sell its hype-rconverged software. Maxta MxIQ shows them all of their end-user customer clusters. The Admin is the person supporting the software, either the end customer or partner.
Nutanix is extending the Beam capability it launched six months ago for Amazon Web Services and Microsoft Azure into private clouds running on Nutanix hyper-converged infrastructure.
Nutanix Beam is a software-as-a-service (SaaS) offering that gives Nutanix HCI customers visibility into their costs across public clouds and now on-premises deployments. Beam serves as a multi-cloud management dashboard that shows how applications are consuming cloud resources. Its new release also adds the ability to analyze cloud consumption trends to help plan future spending, and show customers the cost of Nutanix clusters and software licenses allocated to each cluster.
Greg Smith, Nutanix VP of product marketing, called the Beam extension “an important milestone for Nutanix in building our product portfolio.” He said the vendor intended to extend the reach of Beam from the start, and the API-driven application can eventually expand to more clouds such as Google as well as non-Nutanix on-prem systems.
“This is consistent with our vision and product strategy to provide the framework customers need to manage resources across multiple clouds,” he said.
Smith said early Nutanix Beam users have expressed interest in extending it to on-premises appliances.
“We have a lot of requests for this,” he said. “It’s one thing we need to do to sell aggressively and our customers need to deploy aggressively into larger Nutanix environments. They wanted that integration. Most customers are using Nutanix in a private cloud but also have applications running in public clouds. What they wanted was a global view.”
Smith said the new functionality for Beam is in early access beginning today and is expected to be generally available within a few weeks.
Nutanix picked up Beam technology from its March acquisition of Minjar. Minjar sold Beam as its Botmetric service for AWS and Azure.
Nutanix Beam at the Nutanix .NEXT customer show in May, along with Nutanix Flow networking and Nutanix Era application management.
If Pivot3 is a valid indicator, the hyper-converged market is not only adding customers rapidly, it’s also moving into far bigger deals.
Pivot3 was among the first hyper-converged vendors, and the private company now competes with the largest storage and server vendors. Pivot3 claims its third-quarter books grew 50% over the same period last year. More impressively, it’s average deal size in the quarter nearly doubled from the 2017 average. Pivot3 said its deal size increased 95%, as 86% of new bookings came from large enterprises and more than 70% of new cutomers deployed multiple workloads on Pivot3 Acuity HCI products.
Bruce Milne, Pivot3’s chief marketing officer, said the vendor last quarter landed its biggest deal ever, a federal government contract. Milne said Pivot3’s background selling storage for video surveillance is paying off, as cities around the world are buying its HCI systems to deploy analytics and applications such as facial and license plate recognition software.
“More people are deploying an entire platform as opposed to a single application,” Milne said. “As market acceptance of hyper-convergence accelerates, larger companies are also realizing they’ve been missing out.”
Milne said Pivot3 has more than 2,500 customers. It has raised $253 million in venture funding, but none since early 2016.
Milne said Pivot3 is “making good progress” towards profitability but remains in growth mode. He said Pivot3’s investors are happy with its progress, and the company is adopting good business practices. He said Pivot3 is aiming for profitability in late 2019. “We won’t predict a specific quarter [to hit break-even], we can continue to invest in innovation,” Milne said. “We’re competing with big vendors and we don’t have a huge amount of pressure to become profitable. We went to do it for our own purposes. We’ve flattened our spending and increased bookings. It’s a good trajectory to be on.”
Milne said Pivot3 will add business policity management capabilities to its Acuity product by the end of 2018, extending its ability to manage data services and application on the platform. He said Pivot3 will also enable the ability to move workloads to and from public clouds, the way it does now for data.
That follows a few hardware releases in recent months. Pivot3 in August released a ruggedized system aimed primarily at military and intelligence organizations in the field, and formalized a partnership with Lenovo to sell its HCI software on ThinkSystem servers.
Milne said a large deal with the city of Bogota, Colombia, involving Pivot3 and Lenovo helped bring about the formal partnership.
“That cemented an opportunitie for smart cities, internet of things and edge computing with Lenovo, and was the catalyst for a larger joint go-to-market deal,” he said.
While going through a transition period, data protection vendor Commvault’s sales are still taking a hit.
Commvault’s revenue for last quarter of $169.1 million fell $10 million below Wall Street expectations based on the vendor’s previous forecast. Overall revenue decreased four percent from the previous quarter and ticked up just one percent over the same quarter last year. Product revenue of $69.5 million decreased seven percent from the previous quarter and dropped three percent year-over-year.
Commvault did post an $891,000 profit after losing more than $1 million last year, but that was due largely to staff cuts and reduced spending. Commvault reduced its work force by around seven percent over the last six months, and finished September with 2,644 employees.
Commvault has failed to hit its revenue goals for four straight quarters. The company is searching for a new CEO to replace Bob Hammer, who is stepping down following criticism from activist investor Elliott Management earlier this year. It is also shifting to a subscription pricing model, and it revamped its product lineup this year to try to make it simpler to sell all its various data protection and management products. All of this is part of the Commvault Advance initiative adopted after Elliott’s stinging critique of company management. That includes a re-branding of products under a Commvault Complete program.
Hammer, who plans to remain on the Commvault board after he steps down as CEO, had little to say about the search for his replacement. He said the CEO search is “well under way. The search committee is making good progress.”
When an analyst on the call pressed him for more of an update, Hammer repeated “the search committee is making very good progress on the CEO search.”
Commvault never put a timeframe on its CEO search, but industry sources say the board hoped to have a replacement before this month’s Commvault GO user conference. Now, sources say, Commvault may not have a replacement for Hammer before the end of 2018.
Bill Wohl, Commvault’s chief communications officer, said the vendor never set a goal to have a new CEO by GO. Wohl also said Commvault Advance was planned long before management received Elliott’s letter, although the plan went into place several weeks after Elliott made the letter public.
“We are exactly where we planned to be as far as the CEO goes,” Wohl said.
Commvault’s transition comes as its largest rivals, Veritas and Dell EMC, come out of corporate restructuring of their own. Commvault also faces formidable well-funded startups Cohesity and Rubrik, and Veeam is making inroads in its move to the enterprise.
Commvault is going full speed ahead with its Commvault Advance and Commvault Complete programs, though. Hammer and CFO Brian Carolan frequently used the word “disruption” Tuesday on the company’s earnings call but claimed Commvault is headed in the right direction.
“While there was a higher level of disruption than we had anticipated, the most significant changes are now largely completed and we are focused on go-forward execution,” Hammer said.
Commvault executives spent much of the earnings call walking through the long-term financial benefits of moving to subscription pricing. They characterized subscription pricing as “repeatable” revenue compared to its historic perpetual licensing.
“While we are not satisfied with our revenue performance, we are seeing strong early momentum from our Commvault Advance initiatives, and are excited about our accelerating subscription revenue,” Hammer said.
Commvault forecasted approximately $181 million in revenue for this quarter and $189 million next quarter, putting its fiscal year total at $715 million. Those numbers are based on software sales of approximately $82 million this quarter and $86.5 million next quarter. Hammer characterized the guidance as a “conservative near-term outlook” and they represent modest year-over-year growth. He said Commvault’s goal is to grow revenue nine percent next year.
“The whole foundation of Commvault Complete was not to try to make band-aid changes,” Hammer said. “It makes fundamental changes in our products, pricing, routes to market, and a much more efficient cost structure. So internally, there is a lot of optimism. I really think we’ve done this the right way, although it had some intended risks as we made these massive changes.”
Veeam Software has reshuffled its executive team, promoting co-founder Andrei Baronov to CEO, while Peter McKay is no longer with the data protection company after 2 ½ years as an executive, including more than a year as co-CEO and president.
In addition to the Veeam CEO switch, co-founder Ratmir Timashev is now executive vice president of worldwide sales and marketing, and William Largent is executive vice president of operations. Both Timashev and Largent will report to Baronov, according to Veeam.
“That was Peter McKay’s decision, driven by a desire to pursue some other opportunities,” Timashev said Tuesday about his departure, shortly after Veeam announced the changes publicly. “It was a little bit of a surprise to me.”
McKay joined the company as COO and president in July 2016, following a stint in management at VMware. He had shared Veeam CEO duties with Baronov since May 2017.
As co-CEOs, McKay led Veeam’s “go-to-market,” finance and human resources functions, while Baronov oversaw research and development, as well as product management.
Timashev said he and Largent will split McKay’s work. Timashev will focus on sales and marketing, while Largent will work in finance, corporate governance and human resources.
Earlier this month, Veeam said the third quarter was its 41st consecutive quarter of double-digit growth. Veeam previously reported $827 million in annual bookings revenue in 2017, an increase of 36% year over year. Veeam claims 320,000 customers and aims to become a billion-dollar company.
In September, Veeam said human error caused a database with 4.5 million unique email addresses to be accessible to third parties for two weeks. McKay apologized for the breach. Timashev said the issue has been resolved and McKay’s departure was not related to the breach.
Veeam was founded in 2006 as a virtual backup provider, but has since added physical and cloud protection, as well as data management capabilities. It has also expanded its customer base in taking on more enterprise customers.
“I’m very happy with the progress we’ve made,” especially on the enterprise front, Timashev said.
Timashev said he does not expect major changes in company strategy following the Veeam CEO shift.
On his LinkedIn page, McKay said he was honored to lead Veeam and influence its customers, partners and employees.
“As I enter the next phase of my career, I’m going to miss being a part of this exciting team, but I’m also looking forward to the next stage,” McKay wrote in a LinkedIn post Tuesday. “Oftentimes as we drive towards a goal, we can lose touch with those who are the most important in our lives. I’m looking forward to the chance to focus on some downtime to reenergize my body as well as spend quality time with my family and friends who have been patient with me over the years.”
Timashev was Veeam CEO from 2006 to 2016, when Largent replaced him. McKay and Baronov became co-CEOs a year later, when Largent moved into the role of chairman of the Finance and Compensation Committees.
Timashev remained active in Veeam after stepping down as CEO, most recently serving as senior vice president of marketing and corporate development.
Check back with SearchDataBackup for more on the Veeam CEO news.
At the end of the final keynote at NetApp Insight last week, founder Dave Hitz decided to add some sanity lest people get the wrong idea about the vendor’s strategy.
Hitz summed up the message at Insight to that point as “Cloud, cloud, cloud, cloud.”
“You could be forgiven at the end of Day One to think, ‘Do they even think about on-prem anymore?'” he asked.
Hitz said a customer asked him, “How long before you think NetApp stops selling hardware?’ I said, ‘Dude, that is not the goal.’ We believe if we can help people get the data into the cloud that they want in the cloud, we will gain share on-prem. They’ll buy our on-prem gear because we make it easy to get to the cloud and back from the cloud. They want to be able to manage back and forth. It’s not our goal to stop selling on-prem.”
Hitz, who helped start NetApp in 1992, summed up its current strategy as, “not your grandfather’s NetApp.”
That is by design. NetApp CEO George Kurian said the vendor must adapt to keep up with the changing technology landscape. NetApp still derives an overwhelming majority of its revenue from on-premise storage but pushes a Data Fabric that includes a wide variety of cloud storage. The goal is to enable identical management of storage in the cloud and on-premises.
“Business as usual in IT will not enable success during this digital transformation,” Kurian said. “This transformation requires you to change the way the business and IT work together.”
Joel Reich, who has Kurian’s old job as executive vice president of product operations, said in the early days of NetApp’s Data Fabric focus, “people thought we were crazy, embracing the thing [cloud] that would kill use. They thought it was a crazy strategy. But we’ve re-positioned NetApp around the Data Fabric, telling a distinct story to inspire innovation and lead with the cloud.”
NetApp upgraded its flagship OnTap operating system at Insight. It brought out version 9.5 with a new Max Data product that helps take advantage of persistent memory in servers. But most of the product rollouts at the show were public or private cloud related.
They include StorageGridSG6060 object storage, NetApp Cloud Insights, Azure NetApp Files, Cloud Volumes Service, Cloud Volumes OnTap, SaaS Backup for Office 365, NetApp Data Availability Services and NetApp Kubernetes as a Service (NKS).
Another change for NetApp is the way it has embraced technology from acquisitions. For much of its history, NetApp was considered bad with acquisitions. Clustered NAS startup Spinnaker Networks was Exhibit A. It took NetApp more than a decade to embed Spinnaker’s technology into OnTap. A knock on NetApp was that it couldn’t master any technology outside of OnTap.
But its current “cloud-connected flash” portfolio includes flash technology from SolidFire (NetApp HCI is built on it), GridStor object storage from Bycast, Cloud Insights resource management from Onaro, cloud backup from Riverbed, persistent memory storage (Max Data) from Plexistor and container orchestration (NKS) from StackPointCloud.
If NetApp succeeds in the cloud, it will be on the back of technologies it acquired.
“This is about the new NetApp and what we’re becoming,” NetApp CMO Jean English said. “It’s a journey. The legacy of who NetApp has always been is a starting point.”
Arcserve Unified Data Protection customers are being told to patch the backup platform after a security provider found issues that could leave data unprotected.
The four vulnerabilities in Arcserve UDP could compromise sensitive data through access to credentials, phishing attacks and the ability for a hacker to read files without authentication from the hosting system, according to Digital Defense, the company that discovered the problems.
Digital Defense, based in San Antonio, reached out to Arcserve with technical details of the vulnerabilities, said Mike Cotton, senior vice president of engineering at the security provider, which disclosed its findings publicly last week.
“[We] walked them through scenarios with how attackers can exploit the vulnerabilities in question,” Cotton wrote in an email. “Their team was extremely professional and they were very proactive in wanting to understand where the vulnerabilities were and how precisely to fix them.”
The vulnerabilities affect Arcserve Unified Data Protection 6.5, updates 3 and 4. Update 4 launched last month. UDP, Arcserve’s flagship product, features backup, recovery, automated testing, granular reporting and hardware snapshot support.
Arcserve Unified Data Protection customers can download a patch from Arcserve Support and reach out to the company to address any outstanding questions or concerns, the vendor said. Arcserve, based in Eden Prairie, Minn., also provided manual fix application instructions.
“Arcserve is committed to developing data protection solutions that meet the highest security standards to protect our partners, customers and, most importantly, their data,” the data protection vendor said in a statement. “We welcome reports from security researchers and experts so we can quickly and efficiently address any vulnerabilities, which was done by our incident response team in this case.”
Cotton said installing Arcserve’s patch is the best way to address these particular flaws.
“More generally, undertaking controlled network access strategies to limit access to the administrative interfaces of key backup systems can further harden installations such as this,” Cotton wrote.
Digital Defense regularly works with vendors regarding the disclosure of zero-day vulnerabilities. When the company’s Vulnerability Research Team finds issues and validates them, it contacts the affected vendor and helps with remediation actions.
Digital Defense has found vulnerabilities in other major backup products, including Dell EMC’s Avamar in 2017, but Cotton said this is the first time the company has worked with Arcserve.
“We believe they’ve addressed the flaws in question for these vulnerabilities,” Cotton wrote, “so no further action is necessary for them.”