Table of Contents

1. Introduction

2. How do we protect traditional IT infrastructure?

3. How do I use SELinux, AppArmor and Netfilter?

4. Can STIG hardening guide help me protect my Linux server?

5. How can I apply a STIG profiles to all my servers?

6. Are there any other tools that I can leverage?

7. Summary

Introduction

In this article, the second part of this series dedicated to ransomware, I am going to explore how we can protect traditional IT infrastructure.

How do we protect traditional IT infrastructure from ransomware attacks?

Although there are many companies moving their workloads to containers and cloud native applications, we cannot forget the majority of workloads still runs on traditional IT environments. Therefore, is very important to ensure that it is secure and up-to-date.

The operating system (OS) layer is key here since it provides the majority of libraries applications use. Consequently, it’s very important that these contain no known vulnerabilities and come from reliable sources.

This is where SUSE can help. SUSE is a leader in providing secure, reliable, and high-performance IT infrastructure solutions, including SUSE Linux Enterprise Server (SLES)

Linux distributions have many security features and tools that can be used to secure your application, such as SELinux, AppArmor and Netfilter.
These are also used by container management platforms such as Kubernetes, SUSE provides these and other tools to ensure system security and reliability on traditional IT infrastructure, and places special focus and passion on working with security agencies to produce configuration guides and certify its products to help users to secure their platforms.

Here is a list of the SUSE security certifications, amongst them we should highlight the Common Criteria EAL4+ which is a strong indicator that the software supply chain is secure. At the time of writing this article SLES 15 is the only general-purpose Linux OS awarded with this certification.

How do I use SELinux, AppArmor and Netfilter to protect against ransomware?

SELinux and AppArmor can be used to protect processes from accessing files they shouldn’t and behaving unexpectedly. This limits the spread of malware if the system is infected or the attackers are trying to exploit a vulnerability in the application protected by them.

Netfilter is the firewall of the Linux kernel, it is a very versatile and powerful tool for protecting applications from unwanted access through networks.

These security tools are themselves pretty complex and deserve a dedicated article themselves. However, when configured correctly they can be used to protect against ransomware and/or stop its spread, provide a multi-layered defense, and allow for a Zero-Trust approach to security in traditional IT infrastructure.

Can STIG hardening guide help me protect my Linux server from a Ransomware attack?

The Security Technical Implementation Guides (STIGs) are a set of guidelines and procedures for securing information systems and networks. Developed by the U.S. Defense Information Systems Agency (DISA), they outline the requirements for systems when connected to a U.S. Department of Defense network. Working closely with DISA, SUSE has developed an implementation guide for SLES 15.

Needless to say, STIG guidelines are useful to anybody looking to harden a Linux server and make it less vulnerable to attacks, including ransomware.

The STIGs provide a detailed list of security settings and configuration options that should be implemented on a Linux server, including:

• Use of strong passwords and account lockout policies

• Restricting access to the server to only authorized users and hosts

• Configuring the firewall to block unnecessary incoming and outgoing traffic

• Disabling unnecessary services and daemons

• Restricting access to the server to only authorized users and hosts

• Enabling logging and monitoring of system events

• Enabling regular software updates

• Etc.

Implementing these guidelines can help to reduce the attack surface of a Linux server and make it less vulnerable to common attack vectors, including ransomware.

SUSE provides ways to apply part of this rules automatically for more detailed information I recommend to read Marcus’s blog post “Applying DISA STIG hardening to SLES installations“.

How can I apply a STIG profiles to all my servers with openSCAP and SUSE Manager?

One of the challenges we face when securing our infrastructure is how to manage security at scale. Patching or configuring hundreds, or even thousands, of servers is a very time consuming task and is prone to errors if done manually, during this time our systems can vulnerable to attackers.

SUSE Manager (SUMA) is a server management solution from SUSE that provides comprehensive systems management capabilities for Linux-based systems, including those running on SUSE Linux Enterprise Server (SLES), all through a web-based interface or via API calls. It enables IT administrators to easily manage and monitor their physical and virtual servers, as well as their software packages, patches, and configurations. SUMA also provides support for openSCAP, an open-source tool which allows IT administrators to apply security profiles to their servers to ensure compliance with security standards like STIG as well as generate reports on the system’s compliance with the policies.

With SUSE Manager and openSCAP, we can apply STIG profiles to multiple servers at the same time, saving time and efforts as well as allowing you to observe from a single pane of glass all the servers that are secured and those who need attention.

We can see here the general steps to apply a STIG profile to a Linux server using openSCAP and SUSE Manager:

1. Install openSCAP and SUSE Manager on the server.
2. Download the STIG profile that you wish to apply from the DISA website.
3. Import the STIG profile into SUSE Manager.

These steps only need to be done the first time.

4. Use SUSE Manager to apply the STIG profile to the server.
5. Use openSCAP to scan the server and evaluate it against the STIG profile.
6. Review the openSCAP report to see which security settings and configurations are compliant and which are not.
7. Use SUSE Manager to make any necessary changes to the server’s security settings and configurations to bring them into compliance with the STIG profile.
8. Repeat steps 5-7 as needed to maintain compliance with the STIG profile.

It’s important to note that applying STIGs is not a one-time event, but it is an ongoing process. It’s important to regularly monitor the systems to ensure they are still in compliance with the STIGs and otherwise make any necessary changes.

Are there any other tools that I can leverage to build my Ransomware protection strategy?

SUSE Linux Enterprise Server (SLES) provides more tools that can help you to build your protection strategy against ransomware.

• AIDE (Advanced Intrusion Detection Environment) is a tool that can be used to detect unauthorized changes to a Linux server. It works by creating a cryptographic checksum of all the selected files on the server and storing it in a database. This database is then used as a reference point, and AIDE can periodically scan the server to compare the current state of the files to the reference point stored in the database.
  If AIDE detects any changes that were not authorized, it will alert the user and provide detailed information about the changes.
  This helps as well to create an audit trail of changes that can make the forensic analysis process easier.It’s important to note that AIDE is not a replacement of a full-fledged endpoint protection solution and it’s not capable of detecting all types of ransomware. It’s also important to regularly update the tool and the rules to detect new variants.

  For more information about AIDE here is the documentation for AIDE configuration on your SLES servers.

• ClamAV, which is an open-source antivirus engine designed for detecting trojans, viruses and other malware, can be used to scan files for malicious content on a shared folder serving Desktop systems, in this way it can reduce the spread of ransomware on Desktop systems, even when those are using other operating systems.It allows for plugins such as ClamSAP, a plugin that can be used to scan and protect SAP systems from malware. It is specifically designed to integrate with the SAP Netweaver platform and to scan for malware in the files and databases that are used by SAP applications.

  Both ClamSAP and ClamAV are bundled with your SUSE Linux Enterprise Server for SAP subscriptions and are updated regularly.

Summary

This article provides an overview of some of the tools and services available from SUSE to protect organizations IT services running on traditional IT infrastructure from ransomware and other forms of malware, SUSE products are designed to prioritize security, our team constantly innovates in the area of security to ensure your business remains stable and resilient.

If you want to know more about SLES please feel free to download our Buyer’s guide.

For more information about our products and services, please contact us.

For other articles in this series please visit:

Ransomware Attacks – Part 1, Introduction

Ransomware Attacks – Part 3, Container Security

How to protect your SAP applications from Ransomware attacks

In this series of articles, I will talk about Ransomware attacks and how we can better protect our systems.

What is ransomware?

Ransomware is a type of malicious software (malware) that is designed to block access to a computer system or its data, usually by encrypting it, until a ransom is paid. It is typically spread through phishing emails, malicious links, social engineering tactics or exploiting vulnerabilities. Once the ransomware is activated, the attacker will demand a payment in exchange for a decryption key, or access to the system. This type of attack is usually financially motivated, as attackers can potentially make large amounts of money from unsuspecting victims.

The attacker aim will be to spread the malware in as many systems as possible before blocking the access in order to maximize the pressure on the victim to pay the ransom, the business may not be able to continue operating properly during this time and may also be threaten with the release of sensitive data.

The consequences can be far reaching, not just impacting the organization affected by it but also its customers as we could see with the attack on the Royal Mail in the UK that left customers unable to fulfill international orders or the recent wave of attacks on unpatched infrastructure

What are the steps of a ransomware attack?

This will depend on the level of sophistication; the process tends to be automated in most cases but in some, targeting big organizations, criminal groups may spend more time preparing to make sure they can successfully force the organization to pay.

• Gain access

A ransomware attack typically begins with the attacker gaining access to a victim’s computer or network through methods such as phishing emails, infected software downloads, or exploiting vulnerabilities through the network.

• Spread

Once the attacker has access to a system in the internal network, it will try to spread the malware across. For simple attacks the spread will depend on the sophistication of the malware and this will happen automatically, for more targeted attacks the malware will call home and let the attacker research ways to spread further and take control of more systems.

• Surface and hold hostage

Once deemed appropriate by the algorithm in case of an automated attack or by the criminal organization, the blocking of systems and encryption of data will start, in most cases a message will be displayed on some of the victim’s computers, demanding a ransom payment in exchange to restore access to the data and/or systems.

The ransom payment is typically made in the form of cryptocurrency, such as Bitcoin, Monero, etc… as it allows for anonymity and is difficult to trace. The attackers may also provide a deadline for the payment to be made, and threaten to delete or release the encrypted data and files if the ransom is not paid, this deadline is set so to limit the time of reaction in order to force the victim to take the payment option.

Are Linux servers vulnerable to Ransomware attacks?

Linux servers are not immune to ransomware attacks, but they are generally considered to be less vulnerable. This is because Linux servers typically have fewer vulnerabilities and are not so commonly targeted by attackers.

Additionally, Linux servers often have built-in security features, such as AppArmor and SELinux, which can help to prevent malware from executing and spreading.

However, it’s important to note that Linux servers can still be vulnerable to attacks if they are not properly configured or if they are running outdated software.

Any attack on the supply chain of the Linux distribution/s in use can lead to infected software being distributed across the systems.

Are container environments also vulnerable?

Ransomware can be deployed to a container image or container environment just like any other application, and data can also be encrypted or stolen. Additionally, ransomware can spread the underlying host which is running on Linux, and although Containers managed by Kubernetes distributions make the spread of ransomware more complicated, can also complicate the resolution and forensic analysis required.

What to do?

It’s important to note that paying the ransom does not guarantee that victim’s data and systems access will be restored or that sensitive data is not leaked.

In fact, some attackers may not even provide the key, or they may demand additional payments.

According to Statista only 54 percent of organizations regained access to data or systems following the first payment in 2021.

Additionally, paying the ransom also encourages the attackers to continue their malicious activities.

Also, the vulnerability still there, another criminal group can exploit it again.

The best is to prevent, this can be done by adopting healthy operational and security practices like:

• Keep all software and operating systems up to date.
• For desktop systems use anti-virus and anti-malware software.
• Regularly scan for vulnerabilities and security compliance, the key here is to do it regularly and the
  best way is to automate it so that it does not become a hassle and can be incorporated as a part of the deployment process.
• Make sure the software supply chain is properly secured. From an attacker’s perspective attacking the supply chain can be the easiest way to reach the majority if not all of the systems in an organization.
• Implement proactive measures and adopt Zero-Trust policies. This applies for both containers and traditional environments.
• Adopt best practices for passwords validation, such as avoiding common words and use long sentences which are easier to remember for humans but difficult to crack by machines.
• Educate your employees on basic security principles, to be wary of suspicious emails, how to identify suspicious links, and data management to avoid having critical data stored on places that won’t be backed up.
• Perform regular backups and always store a cold backup on a separate physical location without network access. Always make sure the restore procedures are periodically tested.
• Automate your infrastructure deployment, so you can quickly restore your systems, time is money.
• Have a Disaster Recovery Plan, and make sure it’s tested periodically.

Conclusions

Ransomware attacks can be extremely damaging and very complex to tackle with a very limited timeframe of action. The best way to deal with them is by avoiding them in first place using mechanisms to prevent and mitigate their impact.

SUSE has a history helping its customers to defend themselves from these attacks.

In the following parts of this series will explain in more details some of the listed methods to prevent them.

For other articles in this series please visit:

Ransomware attacks – part 2, Traditional IT.

Ransomware Attacks – Part 3, Container Security

How to protect your SAP applications from Ransomware attacks

SUSE guest blog authored by:

Steve Waterworth, The Mechanic at Asserts

Kubernetes (K8s) has continued to explode in popularity with everyone from small startups to large multinational corporations running their business-critical applications on it. Along with the plethora of benefits, K8s comes with a high degree of complexity when it comes to implementing, managing, and monitoring the platform. Luckily, along with K8s exploding popularity, there has also been tremendous growth in Kubernetes management platforms and Observability tools designed specifically for these complex environments. 

Managing Kubernetes with Rancher Prime Kubernetes Management Platform

Rancher Prime enables customers to run K8s across any infrastructure in production. As the open-source enterprise platform for Kubernetes management, Rancher helps ITOps address the operational and security challenges of managing certified Kubernetes clusters from the core, cloud, and at the edge. It also provides DevOps teams with integrated tools for building and running containerized workloads at scale, making Kubernetes management simpler and more efficient.

Monitoring Kubernetes Deployments on Rancher with Asserts

The dynamic nature of K8s deployments makes monitoring through complexity a significant challenge. Prometheus has become the de facto standard for monitoring these complex, cloud-native environments. 

ITOps and DevOps teams are now able to use Asserts alongside Rancher Prime to gain a layer of automation and intelligence on top of their existing Prometheus ecosystem. Asserts analyzes the existing metric data to build a correlation graph, automatically detect anomalies and failures, track SLOs, and direct users to the root cause of any issue. This unique correlation graph automatically creates and ranks ‘Assertions’, a collection of interconnected issues, directing DevOps teams on where to prioritize their remediation efforts. From Assertions, users can dive directly into dynamically curated Grafana dashboards, relevant log lines, and traces in their existing open observability data systems to quickly pinpoint issues. 

Unlike traditional application performance monitoring solutions, Asserts does not require a proprietary agent. This means users can keep full control of their data, avoid vendor lock-in, and maximize their OSS investment, without the need to pay for duplicate storage.

As the leading unified, multi-cloud, Kubernetes, and platform-agnostic management tool in the industry, Rancher Prime simplifies K8s management by delivering streamlined cluster operations, full visibility and monitoring, and unified security and governance. Rancher Prime consolidates a host of K8s functionalities under one platform, to essentially serve as a one-stop-shop for building, deploying, and scaling containerized applications, including packaging, CI/CD, logging, monitoring, and service mesh.

Together Rancher Prime and Asserts combine to mitigate the complexity of K8s operations by offering a simple and consistent way to provision, manage versions, gain visibility and diagnostics, set up monitoring, alerting, and SLOs, automate processes and enforce user access and security policies across clusters.

To learn more about how Asserts and Rancher Prime can help you adopt and master K8s, visit our website for more information or get in touch with the Asserts team. You can also contact the Rancher Prime team.

Author: Steve Waterworth

Steve is The Mechanic at Asserts, which provides a layer of automation and intelligence on top of Prometheus. He brings a wealth of experience to this role having worked in technical positions in the APM space since 2004 for companies including Wily Technology, AppDynamics and Instana. In that time he has seen numerous technical revolutions and market disruptions giving him unique insight into the rapidly changing world of Observability. He has a background in electronics and programming before moving to software solutions.

This blog is posted on behalf of Joe Gerkman, Global Director – SUSE One Partner Program.

Today, we announced some changes to the SUSE One Partner Program.  

It’s been over two years since we made some significant changes to the SUSE One Partner Program in recognition of that we needed to evolve the program to better meet the changing business models and partner landscape. 

The changes that we’re making are a continuation of that continuing evolution – we want to ensure that our Partner Program continues to not only meet our partners’ needs but also allow us to partner effectively to deliver innovative solutions that solve the most difficult challenges that enterprises have. 

How is the SUSE One Partner Program being updated? 

1.Tier names 

We have decided to update the tier names in the program from Silver, Gold and Platinum to Sapphire, Emerald and Diamond respectively.   

On the surface, this is a simple name change. The motivation for this name change is not to stealthily introduce any new requirements!  

Rather, we believe that while metals-based partner programs have their place, we are cognizant of the different business models and go-to-market approaches of our partners and the ecosystems around them.   

The move to gems – Sapphire, Emerald and Diamond, we think, better represent that forward-looking approach.  

The new naming system makes it easier for partners to understand and communicate their level within the program, and the increased resources and support that we provide at each tier, will help partners to better sell and support SUSE products. 

With the SUSE One Partner Program we’ve also taken our partners’ business models into account via Specialization streams.  Our specializations allow our partners to focus their partnership with us in one area or expand their partnership across multiple go-to-markets.  

Partners in different specializations also choose to work together on specific customer projects, leveraging each other’s strengths to construct a complete and optimal solution to customers. 

2. Specialization name change:  BUILD to SOLUTION 

BUILD was one of the six specializations that were launched when we premiered the SUSE One Partner Program. The partners who participate in BUILD are the ones who create market-specific, industry agnostic, or use-case driven end-to-end solutions across SUSE offerings with collaboration & support from SUSE technical teams. These solutions are generally marketed and sold by the partner through their own ecosystem or reseller channels. Our community of OEM and embedded partners belong to this specialization.  

More than two years since the launch of the SUSE One Partner Program, we have gathered enough feedback to know that we need to change this specialization name to SOLUTION, to better reflect the expertise and finesse that our partners in this specialization bring to the table.  

What’s not changing is that partners in the SOLUTION specialization can still expect that as they advance up the tiers, they will unlock access to special pricing, supported sales coverage, and technical pre-sales resources that kick-start go-to-market activity across a range of solutions, from embedded systems, and single-purpose software appliances, to fully validated hardware and software stacks. 

The Power of Many. Together as One. 

The changes that we’ve announced today serve as a way for us to recognize the changing times that our partners operate in, as well as demonstrating how we want to make sure we continue to cater to our partners needs amidst these changing times. 

Together with our partner community, we can be and are “better together” in the scope of our offerings and ability to better meet the needs of our joint customers. 

Welcome to our latest trend report, where we take a look at the most exciting and cutting-edge branding trends that are shaping the industry. In this report, we will explore a variety of trends across different areas of brand design, including color, user experience, and utilization of new technology. The treads we will touch on have been categorized as “key trends” and “other notable trends.” We will examine how these trends are being used by top brands and designers. This report will give you a comprehensive and thought provoking walk through of key and notable projected trends of 2023.

For additional details and visual examples of the trends mentioned, please see the full version of the trend report which can be found here.

Key Trend 1: A Revolution in Design Tools

Arguably the biggest change in graphic design in 2023 will be how we make them. Artificial Intelligence (AI) has been integrated into various sectors over the past ten years. AI generators that can generate captivating images and artworks by utilizing algorithms and data sets have emerged. They have accelerated workflows and created countless possibilities for the field. Nick Hill of Re Design states, “if late 2022 was defined by the emergence of AI in art and design, I think we’re really on the edge of a design tool nirvana. Plugins and tools have always been around but stuck behind tricky workflows,” he explains. “Tools like Figma helped democratise the ‘plugin’, and at Re Design, we now use the software for so much more than what it was clearly originally intended for. Apps like Runway have made inpainting and masking content, which used to take hours of specialised work, available in minutes.” The tension is whether we can use this growing space almost ‘invisibly’ or that the tools become too evident and repetitive in work,” he adds.

It is also important to note the other side of this trend. There is also a gray area that creatives are entering when it comes to AI generated art and topics much like this. Getty Images recently banned AI-generated content over fears of legal challenges. Other companies such as Newgrounds and PurplePort have followed suit. Getty Images CEO Craig Peters states, “we are being proactive to the benefit of our customers.” The creators of AI image generators say the technology is legal, but that’s no guarantee this status won’t be contested. Getty Images competitor Shutterstock, seems to be limiting some searches for AI content. They are yet to introduce specific policies banning the material however.

Overall, programs such as DALL-E and Midjourney are making creating art with AI accessible to all and we are certain that these new tools will impact the way we consider design and observe our environment.

Key Trend 2: Designing for Hyper-reality

Designers are now required to have expertise in both physical and digital realms, and the future involves utilizing technology such as AI, AR, VR, MR and real-life to create fully engaging brand experiences. While these fields are not novel, they are rapidly advancing, and they extend far beyond traditional graphic design, making it an exhilarating time to be a creative. Holly Karlsson, creative director at Bulletproof states, “3D OOH billboards offer hyper-realistic and immersive brand experiences, blurring the lines between technology and reality. Then there are Al data sculptures, such as the mesmerizing work of Refik Anadol and the emergence of Al image generation based on machine learning, such as DALL-E 2. We should embrace these evolving mediums and use them to our advantage whilst drawing on our more traditional design skills.”

2023 promises to be an exciting and ground-breaking year for AI-generated content, with plenty of innovative ways for creatives to use this technology to their advantage. However, it is important for designers to stay on the ball and be aware of automated tools like DALL-E and decide whether they want it to be part of their professional repertoire. Web 3.0 is offering artists and designers unprecedented control over their digital output – so, who knows, we might even see a rise in ‘house styles’ and a shift towards design as ‘art’. By combining traditional design skills with a deep understanding of these emerging mediums, we can create truly innovative and impactful brand experiences that capture the imagination of consumers.

 

Key Trend 3: Human Connection and Substantive Promises

This trend focuses on looking for inspiration in everyday moments. These moments can communicate your brand in a very intimate way by using design elements that act as an understated facilitator for authentic human storytelling. It’s not just about the product or solution you offer, but about the values and emotions that your brand represents. Fostering an atmosphere of trust and transparency should be top of mind. Shantanu Kumar stated on UX planet that, “according to Edelman’s annual trust studies, trust in institutions and brands has been declining year after year, and this trend is likely to continue in 2023. As trust in brands continues to decline, it is becoming increasingly important for companies to focus on building credibility and trustworthiness to connect with consumers.” Over the years we have seen consumers demanding companies to take a stance on social and political topics and we’re seeing that statements alone aren’t enough.

One way that brands have responded to this demand is by having more inclusive visuals. By doing this it is helping audiences from all walks of life see themselves reflected in a business’s products and mission. There are many examples of when a brands values and mission doesn’t line up with their actions, for example, H&M, a multinational clothing company based in Sweden that focuses on fast-fashion clothing for men, women, teenagers, and children, was accused of green washing and engaging in false advertising about the sustainability of their clothing. There are, however, many companies that serve as great examples when it comes to being a brand that is open and honest about their products, services, and values. One important brand to note here is Patagonia, an American retailer of outdoor clothing. This brand is known for its commitment to transparency and sustainability in their business practices. They use videos on their website to showcase the process of sourcing and manufacturing their products and invite customer feedback to improve their operations. 

Key Trend 4: Mixed Dimension

In 2023 graphic designers are shattering the boundary between online spaces and physical ones. Though this trend can seem dystopian, it is actually much more focused on joy and whimsy. This trend explores the contrast between these two different spaces with vibrant splashes of color, brush like strokes to highlight key graphical elements, and engaging characters to aid in telling the unique stories of the brand. Rather than taking away from the real-life imagery, the blending of these styles actually emphasizes the power and impact that imagination and art can have in the world. Brands can use this trend in many ways like adding simple illustrative line work to highlight product’s key features, creating limited edition packaging with seasonal elements or giving brand photography and social assets a glow up with bold, vibrant swashes of color. 99 Designs team states, “it also shows the world as we might like it to be, a place of discovery and wonder. When life sometimes feels gloomy, it is the imaginative power of art that offers escape and reminds us that we are capable of creating magic, if we just put our minds to it.” 

One notable trend that falls under this same category of Mixed Dimension is Surrealist Maximalism. As minimalism, as a trend, has been on the rise for a few years now, we are starting to see how it is evolving in new and creative ways. It is true that the pandemic has had a significant impact on various aspects of life, including art and design. The surrealism and maximalism aesthetic styles have been gaining popularity as a way for designers to push boundaries and make bold statements. As people emerge from the confinement of the pandemic, there is a desire for more expressive and dynamic designs that break away from traditional norms. These styles are often characterized by bold colors, exaggerated forms, and a mix of different elements, which can create a sense of wonder and surprise for the viewer.

Other Notable Trend 1: Retrofuturism

With all of the exciting new technological possibilities, retrofuturism is a trend which is influenced by this. Andenew Ayele, associate creative director at ThoughtMatter says, “design trends are leaning into what can roughly be described as retrofuturism. The strong surge of newly available tech and digital resources have made Web3, AI-generated and 3D art accessible. These advances have also lent to nostalgia-driven typefaces, dynamic retro color swatches, and the ability to honor previous modes of graphic production with seeming authenticity and ease.” Last year, anti-design was on the rise. This is a good indicator of retrofuturism and what is to come in the future. Andenew also states that, “designers and non-designers alike have often questioned the relationship between people and brands because of their inability to be relatable, to create compelling ideas and individuality, to foster storytelling, to keep humanity at the forefront through their work and products. Now is not the time for brands to swim in the sea of sameness with a safe, bland brand identity and visuals that appeal to everyone. If this surge of tech and resources continue to blossom, the near future will be marked by a non-linear approach to time, inspiration, process and creativity as a whole. Without the constraints of rigid guidelines and limited resources, we foresee individuality and emotive work to be on the rise.”

Retrofuturism is a unique style that seamlessly blends modern-day aesthetics with futuristic technology and traditional design elements. At its core, it features a combination of grungy, faded aesthetics with futuristic themes, creating a nostalgic yet forward-looking feel. The design incorporates elements of retro design, with a focus on vibrant colors and technology and machinery. The shapes used in retrofuturism are usually smooth and rounded geometric shapes, which adds to the overall aesthetic of nostalgia and futurism.

Other Notable Trend 2: Folk Botanical

Patterns in graphic design are often inspired by nature, and the use of natural elements such as leaves, fruits, and vines can create dynamic and lively compositions. This trend is a departure from more traditional and refined nature patterns, and instead incorporates elements such as shaky doodles, rough textures, and unexpected color combinations to create a more whimsical and organic feel. This trend emphasizes the human touch and imperfections in digital artwork, which can add a sense of warmth and personality to the design and awaken a feeling of familiarity in the customer. The use of this trend in nature patterns can create a unique and unexpected visual experience for the viewer.

This approach works well in making digital work feel more natural and perfectly imperfect. It uses bright, whimsical, nature inspired patterns that are intentionally imperfect, even childlike, providing a casual, comforting alternative to more “polished” designs. Alice Z., Designer at 99designs by Vista, describes this style by saying, “the paint-textures give designs a lively look, and I hope we’ll be able to see more usage of hand-made textures. Some customers still prefer “too smooth” and “polished” designs, but imperfections are really cool.

Other Notable Trend 3: Foil Printing

Foil printing is projected to be popular trend in graphic design for 2023, which adds a unique luxurious and stylish touch to print materials. It can be used in various ways, such as full gold for sophistication or multi-colored foil for a futuristic look. Brands can use foil printing to add a touch of class and sophistication to their products. Custom foil business cards are an example of the possibilities of using foil in graphic design.

Team Jukebox says, “there are practically limitless possibilities for how to use foil. For instance, you can go full gold to give a product an air of sophistication or you could use multi-colored foil to make it appear more futuristic.”

Other Notable Trend 4: Motion Graphics 

Today, advancements in design technology have made it possible to create high-quality, moving images that can be used for both indoor and outdoor advertising. Now you can see small billboards at bus stops, outside of a mall, or randomly placed in a city square. Brands don’t need a million-dollar budget anymore to show their brand in motion. And, in doing so, are creating new layers of depth for consumers.

Motion in advertising can be more engaging and attention-grabbing than static imagery, and can create a deeper connection with consumers by telling a story or creating a sense of identity. Advancements in design technology have made it more accessible and cost-effective for brands to use moving images in their advertising. When Mitch Paone, partner and creative director at DIA Studio got the question: ‘Why is motion so important anyway?’ He responded, “On a superficial level, a static image can’t compete with a looping GIF. On a deeper level, movement creates identity, just like how we can identify a salsa dancer versus a hip-hop dancer. The dancer could be the same, but their motion tells the story.”

I am thrilled to announce that SUSE has been recognized by G2, the world’s largest and most trusted software marketplace, as one of the Top 25 German Companies in their “Best Software Awards” for 2023.

At SUSE, we have always been dedicated to providing our customers with the best possible software solutions and services. This award by G2 is a testament to the hard work and dedication of our entire team. It is also a recognition of the trust and confidence that our customers have placed in us.

This is not the first time G2 has recognized SUSE for delivering excellence to our customers. G2 recently awarded SUSE 15 badges across its product portfolio.

Here’s what some of our German customers say about how SUSE’s products have impacted their business:

“To exploit the great potential for innovation in agriculture, our IT must be able to operate with agility. SUSE solutions help us deliver new digital services quickly — without compromising stability and availability.”
Jan Ove Steppat
Open Source Infrastructure Architect
CLAAS KGaA mbH 

“Rancher Prime brings all the functionality we need to deploy, manage and monitor Kubernetes clusters from a central interface, and it’s completely automated. Using OKD, on the other hand, would have required an entire ecosystem of additional solutions, adding further cost and complexity.”
Ronny Becker
Product Owner Platforms
R+V 

“In the last 12 months, we have achieved an availability of exactly 99.99878% for the SAP HANA environment with our platform and have thus been able to support our global business very reliably even in this challenging year. In terms of availability, we thus far exceed the service level agreements that an external service provider could assure us.”
David Kaiser
SAP Manager
REHAU Industries SE & Co 

“From our point of view, Rancher Prime is clearly the most advanced and comprehensive management tool for managing multiple Kubernetes clusters, especially in an environment with high security requirements.”
Frank Bayer
Senior Architect for Operating Systems and Container Services
IT System House, Federal Employment Agency (Bundesagentur für Arbeit)

We are grateful to the open source communities and to our employees who work tirelessly every day to make our company a success. A big thank you to our customers, who provided us with valuable feedback and reviews to help us continually improve our product solutions.

I’m excited about the future, and at SUSE we look forward to cooperating with you for many years to come. Thank you again, and here’s to another successful year.

I am thrilled to announce that SUSE has been recognized by G2, the world’s largest and most trusted software marketplace, as one of the Top 25 German Companies in their “Best Software Awards” for 2023.

At SUSE, we have always been dedicated to providing our customers with the best possible software solutions and services. This award by G2 is a testament to the hard work and dedication of our entire team. It is also a recognition of the trust and confidence that our customers have placed in us.

This is not the first time G2 has recognized SUSE for delivering excellence to our customers. G2 recently awarded SUSE 15 badges across its product portfolio.

Here’s what some of our German customers say about how SUSE’s products have impacted their business:

“To exploit the great potential for innovation in agriculture, our IT must be able to operate with agility. SUSE solutions help us deliver new digital services quickly — without compromising stability and availability.”
Jan Ove Steppat
Open Source Infrastructure Architect
CLAAS KGaA mbH 

“Rancher Prime brings all the functionality we need to deploy, manage and monitor Kubernetes clusters from a central interface, and it’s completely automated. Using OKD, on the other hand, would have required an entire ecosystem of additional solutions, adding further cost and complexity.”
Ronny Becker
Product Owner Platforms
R+V 

“In the last 12 months, we have achieved an availability of exactly 99.99878% for the SAP HANA environment with our platform and have thus been able to support our global business very reliably even in this challenging year. In terms of availability, we thus far exceed the service level agreements that an external service provider could assure us.”
David Kaiser
SAP Manager
REHAU Industries SE & Co 

“From our point of view, Rancher Prime is clearly the most advanced and comprehensive management tool for managing multiple Kubernetes clusters, especially in an environment with high security requirements.”
Frank Bayer
Senior Architect for Operating Systems and Container Services
IT System House, Federal Employment Agency (Bundesagentur für Arbeit)

We are grateful to the open source communities and to our employees who work tirelessly every day to make our company a success. A big thank you to our customers, who provided us with valuable feedback and reviews to help us continually improve our product solutions.

I’m excited about the future, and at SUSE we look forward to cooperating with you for many years to come. Thank you again, and here’s to another successful year.

“The future of the telecom infrastructure is fast moving and often difficult to predict,” said Keith Basil, SUSE Edge General Manager. “Telecom operators are looking for flexible solutions to modernize their existing networks, help rollout 5G networks quickly and adopt open frameworks, such as Open RAN, while navigating disaggregation of their networks.”

SUSE has built Adaptive Telco Infrastructure Platform (ATIP), which has a flexible and adaptable infrastructure that future-proofs next-generation networks to support novel applications and use cases expected to arise from 5G, Multi-Access Edge Computing and general Edge computing.

What is SUSE ATIP?

SUSE Adaptive Telco Infrastructure Platform (ATIP) is a telco-optimized edge computing platform that enables telecom companies to innovate and future-proof modernization of their networks. It achieves this with an open and flexible infrastructure that adapts easily to future needs, is optimized for telco-grade performance, and simplifies operations at scale.

Unlike current solutions in today’s market, ATIP is built for the telco edge from the ground up. ATIP enables faster rollouts with a highly scalable and programable management solution for telco-grade infrastructure. As the largest European player in the international open-source infrastructure software market, SUSE has developed this platform in close collaboration with the leading European telco operators such as Deutsche Telekom, Orange, Telecom Italia, Telefonica, and others.

What are the key attributes and benefits of SUSE ATIP?

Future-proof design minimizes risk and helps you thrive in a highly competitive environment

• Adaptable. SUSE ATIP is a telco-optimized edge computing platform that packages the key infrastructure components – Linux, Kubernetes, security, and management tools – in a customizable form, so Telco operators can easily adopt it for a broad range of use cases across mobile and fixed networks.
• Modular. Designed to thrive in a multi-vendor environment, ATIP includes modules that can be used together or individually to suit operators’ requirements. As an example, ATIP is ideal for supporting and enabling future-looking cloud frameworks, such as LF Europe’s project Sylva.
• Support Existing Infrastructure. The operators can minimize risk by using their existing infrastructure, given ATIP’s support of a wide range of hardware. Choice of OS (SLE Micro, SLE Server) and management tools (SUSE Manager, Rancher Prime) enables you to manage your existing infrastructure or adopt cloud-native methods. SUSE can meet you wherever you are in your transformation journey.

Telco-grade Performance

SUSE ATIP delivers telco-grade performance attributes across the entire stack. Its Operating System layer provides low latency, real-time performance, and a fast data path. The Kubernetes layer ensures performance-sensitive applications run optimally, with full lifecycle container security delivered by SUSE NeuVector. Additional functional attributes include:

• Built for Edge from the ground up, so customers can get optimal performance without the technical debt from legacy systems. SUSE ATIP delivers lightweight Kubernetes distributions fit for resource-constrained or remote devices in strictly regulated environments. Immutable Linux is optimized to support containers and microservices, making it an ideal container and virtualization host at the edge. With security seamlessly integrated across the full stack – from applications to Kubernetes to operating systems, the data center level of security is made available to every device, wherever it is located.
• Optimized for Telco: SUSE’s Kubernetes and Linux are optimized for Telco functions – workloads can be scheduled based on underlying hardware functionality, direct access is allowed to network interfaces from Kubernetes Pods, a broad range of hardware enablement is made available, and telecom-specific protocols are supported.

Simplified Operations at Scale

SUSE ATIP utilizes Rancher Prime, a market-leading Kubernetes management solution that is known for its simplicity, robustness, and outstanding user experience. SUSE has made key enhancements to Rancher Prime to support telecom use cases, with the following benefits:

• Faster rollouts. ATIP utilizes GitOps to help users manage and consistently deploy thousands of Kubernetes clusters easily. With integration of CNCF’s Cluster API, operators can further speed the process with programmatic APIs that also offer a vendor-neutral integration point.
• Unified management. Manage Linux and Kubernetes from a single pane of glass. Save operating costs and administration overhead, while increasing the efficiency of lifecycle operations at scale.
• Zero-touch provisioning. Save costs with simple zero-touch onboarding of enterprise-grade edge hardware, eliminating the need for skilled technical staff onsite – connect power, network, and switch on device: the software does the rest.

Architecture

SUSE ATIP is a massively scalable management solution for telco-grade cloud native bare-metal and private edge infra­structure. The architecture white paper “Future-Proof Telecom Modernization with an Open and Flexible Infrastructure Platform” guides you through the various design elements of SUSE ATIP.

Our vision for the next generation of telecom infrastructure is that 5G and Edge computing will enable a new class of novel applications and use cases. SUSE ATIP is purpose-built to enable telecom operators in transforming their networks by delivering flexible, adaptable infrastructure to support this new class of applications. SUSE helps solve the challenges of managing large numbers of diverse and varied clusters scattered across bare-metal infrastructure, public and private clouds. We do that while delivering the feature set and security posture you would expect from a vendor who has been delivering business-critical Linux solutions for more than 30 years.

Learn More

• Vision for Telecom at the Edge – White Paper
• SUSE Telecom Industry Solutions
• SUSE Edge Solutions

Flooid, a leading unified-commerce platform provider, and SUSE have nurtured a partnership that empower retailers to innovate and scale fast. The partnership aims to transfer real-time information seamlessly between data center, the cloud, the store estate, and tens of thousands of devices at the edge.

Retailers moving to the ‘store of the future’ require new levels of speed, flexibility and open innovation, without compromising on security or performance. In this hyper-connected world, their success depends upon transferring real-time information seamlessly from any customer point of interaction — a point of service in a store, a kiosk, online or even through an edge device or sensor — to a cloud service.

This partnership is a true collaboration in which each technology provider enhances the performance of the other. Flooid and its leading unified-commerce platform is helping top tier retail leaders to transform and innovate in the way they sell to customers across multiple retail verticals and channels. SUSE complements Flooid with open source capabilities bringing an additional layer of security and resilience across critical systems, ensuring near-zero vulnerabilities during periods of rapid digital transformation.

Retailers benefit from the partnership by being able to evolve the way they sell and serve the customer, faster, more securely, and with reduced cost and risk. Retailers can try new concepts and scale new capabilities such as walkin-walkout stores, artificial intelligence experiences, self-service models, and modern inventory techniques. The partnership provides retailers with a unified, adaptable commerce platform, and an open architecture that gives them the agility they need to try, test, and scale up new concepts.

The technology behind this partnership is a combination of Flooid’s omnichannel point-of-service (POS) technology and SUSE’s Linux operating system. Business-critical workloads move across cloud and resilient on-premise devices, while containerised applications maximise development agility including in edge use cases, which are of increasing interest to ambitious retailers.

One of the key challenges retailers face is the fast pace of evolving customer expectations. This requires new technical solutions, but to innovate at the necessary speed, retailers need a flexible core rather than a series of monolithic systems that operate in siloes. Merely going digital is not enough, as much of the customer experience differentiation takes place at the edge. Retailers must adopt an end-to-end infrastructure that can handle real-time transactions and insights from tens or hundreds of thousands of endpoints. Additionally, business-critical applications such as the POS platform or ERP need to remain operational around the clock.

Retailers must find a way to improve their operations while reducing costs and ensuring continuity of business. Flooid and SUSE enable retailers to meet these significant challenges.

SUSE and Flooid have been working together since 2008 to help retailers change the way they operate in line with industry trends. Our partnership is truly global, having worked together on projects for retail supermarket, convenience and fast moving consumer goods businesses in the UK, South Africa, Canada and the USA, as well as multiple specialty businesses in Europe.

Retailers can engage directly with the Flooid team knowing the SUSE team is in lock step with Flooid to provide open source-based infrastructure and enhanced security capabilities enabling the fluid transformation of operations and helping retailers “get to great”.

Reach out to the Flooid team at www.flooid.com for more information.