ThousandEyes is a strong performer in The Forrester Wave™: End-User Experience Management, Q3 2022. This placement comes during an unprecedented wave of business expansion and innovation for ThousandEyes.  

The Hybrid Work Explosion Changed The Digital Experience Paradigm    

As part of the Cisco family, ThousandEyes has experienced exceptional momentum the past two years, which started even before the pandemic unraveled traditional IT management approaches. The shift to hybrid work during the COVID-19 pandemic was a real wake up call for all organizations that Internet, cloud, and SaaS-driven environments are increasingly the determining factors that underpin employee and customer experiences.

With the advent of Hybrid Work, the world has changed. Forrester’s data indicates that “two-thirds of US firms are moving to anywhere-work models” and “more than six in 10 global leaders anticipate a permanently higher rate of full-time remote employees.”¹ As a consequence of this, a significant and growing percentage of the environments now used by employees exist beyond the control of IT departments, and at a much greater scale. With the arrival of Hybrid Work, apps like Webex® by Cisco, Zoom, and Microsoft Teams are critical to how workers communicate not only with one another, but with their customers, prospects, and suppliers. Similarly, call center apps, like Genesys and Amazon Connect, are critical to how workers interface with consumers. This makes understanding remote end-user experience essential to achieve business success.

This new enterprise reality leads to new requirements, such as understanding and proactively addressing digital dependencies. Some of these include:

• The behavior of your critical applications. SaaS applications behave differently to traditional on premise applications, and collaboration applications can be particularly complex. Users are often connected to multiple data centers—which may exist in different geographic regions—and applications are dynamically switching connections in real time. As a result, it’s vital to be able to “look under the hood” of the application to see what’s happening. With a capability like Automated Session Testing, you can automatically test the connection to the destination host on the fly. This dramatically reduces mean time to identify (MTTI) and mean time to resolve (MTTR) by streamlining the management and communications of performance issue—removing any ambiguity regarding what’s causing an issue. Understanding your application’s behavior is essential to making necessary architectural adjustments and to enforce SLAs with your collaboration application provider.

• Digital dependencies within the “last mile.” Within a home office environment, delivery mechanisms such as Wi-Fi and VPN can be highly variable. You also need to factor in security components such as Secure Web Gateways, Cloud Access Security Broker (CASB), multi-factor authentication (MFA), etc. Are all of these accessible, interacting smoothly and are not impacting performance?

• Performance of the third-party providers beyond your corporate network. Ensure you have insight into the behavior of the ISP, CDN, and DNS vendors you depend on. When you see a provider funneling traffic inefficiently, this can lead to lag, which kills digital experiences. By monitoring proactively and routinely benchmarking performance, you can escalate evidence of degradations to the provider before the user experience is impacted. They can affect the needed change (routing or policy decisions, etc.) on their side. 

ThousandEyes End User Monitoring (EUM) has become a critical lifeline for helping application, IT, and workplace support teams maintain solid user experiences for their employees. This is because we deliver visibility end-to-end across the full digital supply chain—including the Internet and cloud environments that traditional monitoring solutions are unable to visualize. Demand for this level of visibility has skyrocketed, and our growth has also been recognized in the Forrester Wave: “The company’s strategy is to help enterprises gain visibility in an increasingly cloudy and remote-first world. Triple digit year-over-year revenue, market-leading customer retention, and exceptional customer support suggest the strategy is working.”²

Internet Intelligence Drives Ever Greater Digital Business Success  

The growth in customers adopting ThousandEyes (EUM) was not just triggered by the shift to remote working during the pandemic (although, it massively accelerated it). It is part of a wider trend centered on Internet and cloud growth, which is grounded in many use cases, not just remote working. ThousandEyes is best viewed as an Internet and Cloud Intelligence platform within the Cisco business. We are driving greater Internet and cloud visibility within multiple Cisco initiatives: Hybrid Work, Full Stack Observability, SD-WAN, and SASE, bringing critical digital performance insights to each. Each of these is essential to customers' success in the digital age. Access to data across all these environments further enriches ThousandEyes’ own industry-leading Internet data set, continually improving the depth and detail of the insights we provide. Customers need to know and understand the complex changes within these environments to ensure excellent performance and experiences—and that’s where ThousandEyes is a digital experience game changer.

Know the Internet, Know Your Digital Dependencies, Control Your Future  

ThousandEyes industry-leading innovations, such as Internet Insights: Application Outages, Automated Session Testing, and the recently announced ThousandEyes WAN Insights, are all purpose built to empower enterprises to see, understand, and manage experiences in an Internet-centric world. Our approach is relentlessly forward looking and effective in driving excellent digital experiences for our customers.

But don’t just take our word for it, listen to what our customers have to say. At our recent Branch of One Summit, ThousandEyes customers shared their own experiences of how they mastered their hybrid work challenges and made effective distributed workforces a reality. In each case, having an end-to-end correlated view of their environments was essential to driving business success. 

ThousandEyes in the Forrester Wave for EUEM

Forrester defines EUEM as “A set of client-side capabilities that helps operations pros manage the daily technology experience of employees by collecting and analyzing telemetry data from employee devices, apps, networks, identity, and user feedback. These agent-based solutions reside on the endpoint itself and help operations identify and proactively remediate degradation in technology experience.”³

Forrester adds that enterprises use EUEM technologies to:

• Reduce technology-related disruptions to employee productivity. 
• Track and quantify employee technology experience. 
• Collect qualitative feedback on tech experience.

An eagle-eyed reader might note, upon reading these points, that ThousandEyes does not focus on the qualitative feedback aspect of EUEM. This is entirely by design.

ThousandEyes' philosophy is that proactive resolution of an issue is more important than focusing on lagging indicators, such as qualitative feedback. This is very much a key tenet of Digital Experience Monitoring (DEM), which is the category that ThousandEyes most closely aligns with at a feature-driven level. DEM focuses on instrumenting the environment and the end-to-end digital delivery chain in such a way that issues can be recognized and acted on before the front-facing experience is impacted. We believe that this is the heart of DEM. 

We believe ThousandEyes’ DEM-centric approach is unique in the Forrester Wave for EUEM, as the other vendors included focus on Digital Employee Experience (DEX). What is DEX? Forrester defines DEX as “The sum of all the perceptions that employees have about working with the technology they use to complete their daily work and manage their relationship with their employer across the lifecycle of their employment.”⁴

Ultimately, our perspective is that DEX and DEM are effectively two sides of the same coin. They simply offer different ways to manage, measure, and improve employees' digital experiences in the workplace. DEX prioritizes qualitative feedback and device management, meanwhile ThousandEyes DEM focuses on understanding (and troubleshooting) the Internet environment and the SaaS applications being used. Case in point, as recently as last week, we saw several major collaboration apps used by remote workers experience serious performance issues. While an DEX-based approach would gather lots of feedback from users that they had experienced an issue, a DEM approach would help you pinpoint the source of the issue and work with your providers to address the root cause. In this case, the outage was nowhere near the end user. Rather, the outage was within a cloud provider’s infrastructure (caused by a power failure), which these collaboration apps happened to rely on. User sentiment would have done you little good during this outage, nor would having endpoint visibility alone, as the issue wasn’t at the user's level. That's where DEM shines. My colleague Mike Hicks’ penned an insightful piece dissecting DEX and DEM differences in some depth.

Most companies will be interested in a mix of capabilities from both DEM and DEX vendors (as well as other monitoring segments) depending on their unique priorities. We find that many of the other vendors evaluated in this Forrester Wave can often be found co-existing side by side with ThousandEyes in customers' IT stacks. This is because we offer a unique level of visibility into third-party service providers that many traditional DEX-centric vendors physically can’t, while they might provide qualitative feedback capabilities that we don’t offer. Many of our customers have shared with us that they plan to consolidate down to five or so monitoring solutions, with ThousandEyes taking center stage for their core Internet and cloud monitoring needs. This reflects the urgent challenges and opportunities that an Internet-centric world is presenting. It’s an Internet-driven world now, and we’re all living in it.

Want To Know More?  

ThousandEyes offers a more in-depth perspective on DEM and DEX in the blog: “How DEM and DEX Support Hybrid Work: Different Approaches Co-existing in the Next Generation Monitoring Stack.” If you are interested in finding out more about how ThousandEyes can help you bulletproof your customer and employees digital experiences, please contact us.

^{1. Forrester, ‘The Anywhere-Work Preflight Checklist’ by JP Gownder, April 22, 2022}

^{2. The Forrester Wave™: End-User Experience Management, Q3 2022 by Andrew Hewitt}

^{3. Forrester, Now Tech: End-User Experience Management, Q2 2022 by Andrew Hewitt}

^{4. Forrester, Digital Employee Experience Is Not A Tool — It’s A Perception by Andrew Hewitt}

Aime Williams and Mehul Srivastava, reporting for The Financial Times:

The US has added NSO Group, the Israeli military spyware company that created software that has been traced to the phones of journalists and human rights activists, to a trade blacklist in a bid to tackle the growing surveillance threat posed by technology companies.

NSO and a smaller Tel Aviv-based company, Candiru, were among four companies added by the US commerce department on Wednesday to its so-called entity list, which would restrict exports of US technology to the companies.

I don’t know what the practical effect of this will be, but it feels justified.

On Jan. 11, Ubiquiti Inc. [NYSE:UI] — a major vendor of cloud-enabled Internet of Things (IoT) devices such as routers, network video recorders and security cameras — disclosed that a breach involving a third-party cloud provider had exposed customer account credentials. Now a source who participated in the response to that breach alleges Ubiquiti massively downplayed a “catastrophic” incident to minimize the hit to its stock price, and that the third-party cloud provider claim was a fabrication.

A security professional at Ubiquiti who helped the company respond to the two-month breach beginning in December 2020 contacted KrebsOnSecurity after raising his concerns with both Ubiquiti’s whistleblower hotline and with European data protection authorities. The source — we’ll call him Adam — spoke on condition of anonymity for fear of retribution by Ubiquiti.

“It was catastrophically worse than reported, and legal silenced and overruled efforts to decisively protect customers,” Adam wrote in a letter to the European Data Protection Supervisor. “The breach was massive, customer data was at risk, access to customers’ devices deployed in corporations and homes around the world was at risk.”

Ubiquiti has not responded to repeated requests for comment.

According to Adam, the hackers obtained full read/write access to Ubiquiti databases at Amazon Web Services (AWS), which was the alleged “third party” involved in the breach. Ubiquiti’s breach disclosure, he wrote, was “downplayed and purposefully written to imply that a 3rd party cloud vendor was at risk and that Ubiquiti was merely a casualty of that, instead of the target of the attack.”

In its Jan. 11 public notice, Ubiquiti said it became aware of “unauthorized access to certain of our information technology systems hosted by a third party cloud provider,” although it declined to name the third party.

In reality, Adam said, the attackers had gained administrative access to Ubiquiti’s servers at Amazon’s cloud service, which secures the underlying server hardware and software but requires the cloud tenant (client) to secure access to any data stored there.

“They were able to get cryptographic secrets for single sign-on cookies and remote access, full source code control contents, and signing keys exfiltration,” Adam said.

Adam says the attacker(s) had access to privileged credentials that were previously stored in the LastPass account of a Ubiquiti IT employee, and gained root administrator access to all Ubiquiti AWS accounts, including all S3 data buckets, all application logs, all databases, all user database credentials, and secrets required to forge single sign-on (SSO) cookies.

Such access could have allowed the intruders to remotely authenticate to countless Ubiquiti cloud-based devices around the world. According to its website, Ubiquiti has shipped more than 85 million devices that play a key role in networking infrastructure in over 200 countries and territories worldwide.

Adam says Ubiquiti’s security team picked up signals in late December 2020 that someone with administrative access had set up several Linux virtual machines that weren’t accounted for.

Then they found a backdoor that an intruder had left behind in the system.

When security engineers removed the backdoor account in the first week of January, the intruders responded by sending a message saying they wanted 50 bitcoin (~$2.8 million USD) in exchange for a promise to remain quiet about the breach. The attackers also provided proof they’d stolen Ubiquiti’s source code, and pledged to disclose the location of another backdoor if their ransom demand was met.

Ubiquiti did not engage with the hackers, Adam said, and ultimately the incident response team found the second backdoor the extortionists had left in the system. The company would spend the next few days furiously rotating credentials for all employees, before Ubiquiti started alerting customers about the need to reset their passwords.

But he maintains that instead of asking customers to change their passwords when they next log on — as the company did on Jan. 11 — Ubiquiti should have immediately invalidated all of its customer’s credentials and forced a reset on all accounts, mainly because the intruders already had credentials needed to remotely access customer IoT systems.

“Ubiquiti had negligent logging (no access logging on databases) so it was unable to prove or disprove what they accessed, but the attacker targeted the credentials to the databases, and created Linux instances with networking connectivity to said databases,” Adam wrote in his letter. “Legal overrode the repeated requests to force rotation of all customer credentials, and to revert any device access permission changes within the relevant period.”

If you have Ubiquiti devices installed and haven’t yet changed the passwords on the devices since Jan. 11 this year, now would be a good time to care of that.

It might also be a good idea to just delete any profiles you had on these devices, make sure they’re up to date on the latest firmware, and then re-create those profiles with new [and preferably unique] credentials. And seriously consider disabling any remote access on the devices.

Ubiquiti’s stock price has grown remarkably since the company’s breach disclosure Jan. 16. After a brief dip following the news, Ubiquiti’s shares have surged from $243 on Jan. 13 to $370 as of today. By market close Tuesday, UI had slipped to $349.

Steam:

SteamVR has ended OSX support so our team can focus on Windows and Linux.

You can see how relevant Steam has considered the Mac to VR gaming by the fact that they call it “OSX” — a name they misspelled and which Apple changed four years ago.

Matt Stoller, in his Big newsletter:

Endless money-losing is a variant of counterfeiting, and counterfeiting has dangerous economic consequences. The subprime fiasco was one example. Another example was the Worldcom fraud in the late 1990s, which forced the rest of the U.S. telecom sector to over-invest into broadband. Competitors have to copy their fraudulent competitors. It’s a variant of Gresham’s Law, which says that “bad money drives out good.” If you can counterfeit something for cheap, the counterfeit will eventually take over the entire market and drive out the real commodity. That is what is happening in our economy writ large, a kind of counterfeit capitalism as ‘leaders’ like Neumann are celebrated and actual leaders who can make things and manage are treated like dogshit.

This kind of counterfeit capitalism is terrible for society as a whole. At first, with companies like Walmart and Amazon, predatory pricing can seem smart. The entire retail sector might be decimated and communities across America might be harmed, but two day shipping is convenient and Walmart and Amazon do have positive cash flow. But increasingly with cheap capital and a narrow slice of financiers who want to copy the winners, there is a second or third generation of companies asking Wall Street to just ‘trust me.’

Compelling argument. I have always been deeply suspicious of any company whose business model is “lose a ton of money for the foreseeable future and eventually we’ll make a fortune”. It’s the South Park “Collect Underpants / … / Profit” business model, but real investors pump billions into it.

As a kid, when I heard the fable of the emperor with no clothes, I never bought the lesson, because I just couldn’t believe adults would go along with a sham that their own eyes told them wasn’t true. Turns out it happens all the time, over and over.

As someone who can’t remember what he had for lunch last week, this “ability” is fascinating to me.