Advanced Threat Intelligence Begins with Network Visibility

The current reality has pushed users, applications, and data to the edge of the network where traditional perimeter security solutions have historically fallen short. Threat actors know this, of course, and have spent the past nine months targeting the weakest link in the security stack: the user. 

Email and web browsing continue to be popular attack vectors. Security vendors have beefed up web and email security, but issues with legacy architectures are letting some attacks slip through. Information and context derived from advanced threat intelligence remain the most powerful weapons in a security team’s arsenal. Advanced technologies such as artificial intelligence and machine learning can help scan, detect, and warn at scale, but they’re not bulletproof. Increasingly sophisticated threat actors, powered by AI and ML, are finding ways to evade threat detection.

Security professionals interested in learning more about the current state of advanced threat inspection, threat intelligence, and the emerging technologies that power these capabilities should check out the following sessions: 

The Promise and Peril of AI for Cybersecurity (ISNS2794) 

Artificial intelligence and machine learning are powerful, indeed essential, components of security …

The Senior Trap

How do you become a “senior engineer?” It’s a question I’m asked quite often, actually, and one that deserves a better answer than the one I usually give. Charity recently answered the question in a roundabout way in a post discussing the “trap of the premature senior.” She’s responding to an email from someone who is considering leaving a job where they have worked themselves into a senior role. Her advice?

Quit!

This might seem to be counter-intuitive, but it’s true. I really wanted to emphasize this one line—

There is a world of distance between being expert in this system and being an actual expert in your chosen craft. The second is seniority; the first is merely .. familiarity

Exactly! Knowing the CLI for one vendor’s gear, or even two vendors’ gear, is not nearly the same as understanding how BGP actually works. Quoting the layers in the OSI model is just not the same thing as being able to directly apply the RINA model to a real problem happening right now. You’re not going to gain the understanding of “the whole ball of wax” by staying in one place, or doing one thing, for the rest of …

Gordon Bell Prize Winners Leverage Machine Learning For Molecular Dynamics

For more than three decades, researchers have used a particular simulation method for molecular dynamics called Ab initio molecular dynamics, or AIMD, which has proven itself to be the method most accurate for analyzing how atoms and molecules move and interact over a fixed time period.

Gordon Bell Prize Winners Leverage Machine Learning For Molecular Dynamics was written by Jeffrey Burt at The Next Platform.

Docker Captain Take 5 – Ajeet Singh Raina

Docker Captains are select members of the community that are both experts in their field and are passionate about sharing their Docker knowledge with others. Today, we’re introducing “Docker Captains Take 5”, a regular blog series where we get a closer look at the Docker experts who share their knowledge online and offline around the world. A different Captain will be featured each time and we will ask them the same broad set of questions ranging from what their best Docker tip is to whether they prefer cats or dogs (personally, we like whales and turtles over here). To kick us off we’re interviewing Ajeet Singh Raina who has been a Docker Captain since 2016 and is a DevRel Manager at Redis Labs. He is based in Bangalore, India.  

How/when did you first discover Docker?

It was the year 2013 when I watched Solomon Hykes for the first time presenting “The Future of Linux Containers” at PyCon in Santa Clara. This video inspired me to write my first blog post on Docker and the rest is history.

What is your favorite Docker command?

The docker buildx CLI is one of my favorite commands. It allows you to …

Network Break 311: Apstra Gets Loud About SONiC; VMware Sinks More Hooks Into Networking

Each week Network Break runs vendor press releases through our patented ML algorithms to strip out the marketing & buzzwords. It doesn't leave us much to work with, but we do our best. Today's episode covers Apstra's IBN support for the SONiC NOS, IBM's purchase of APM newcomer Instana, VMware's furthering of its networking ambitions, a startup building 5G chips for the edge, and more.

The post Network Break 311: Apstra Gets Loud About SONiC; VMware Sinks More Hooks Into Networking appeared first on Packet Pushers.

The Week in Internet News: Siberian Student Climbs Tree to Get Internet Access

Great heights: As his classes move online, Russian student Alexei Dudoladov has to climb a birch tree to get Internet access, Reuters reports. The student at the Omsk Institute of Water Transport, which is nearly 1,400 miles east of Moscow, says his home Internet service is not strong enough to connect to online classes. “I need to go into the forest 300 meters from the village and climb a birch tree that is eight-meters high … and I get on Zoom to speak to professors and prove that I am not skipping class for no reason.”

Even greater heights: Meanwhile, the Ector County Independent School District in Odessa, Texas, is hoping that the new SpaceX satellite Internet service will help give students and teachers better Internet access, Education Dive says. The district is the first in the U.S. to work with SpaceX’s Starlink Internet service. A pilot project in early 2021 will include 45 families with students or teachers in the district.

Cybersecurity boss fired: U.S. President Donald Trump, who continues to insist he was the victim of massive nationwide voting fraud in his recent election loss to Joe Biden, has fired Christopher Krebs, who led the federal …

Why Is Public Cloud Networking So Different?

A while ago (eons before AWS introduced Gateway Load Balancer) I discussed the intricacies of AWS and Azure networking with a very smart engineer working for a security appliance vendor, and he said something along the lines of “it shows these things were designed by software developers – they have no idea how networks should work.”

In reality, at least some aspects of public cloud networking come closer to the original ideas of how IP and data-link layers should fit together than today’s flat earth theories, so he probably wanted to say “they make it so hard for me to insert my virtual appliance into their network.”

Elle: inferring isolation anomalies from experimental observations

Elle: inferring isolation anomalies from experimental observations, Kingsbury & Alvaro, VLDB’20

Is there anything more terrifying, and at the same time more useful, to a database vendor than Kyle Kingsbury’s Jepsen? As the abstract to today’s paper choice wryly puts it, “experience shows that many databases do not provide the isolation guarantees they claim.” Jepsen captures execution histories, and then examines them for evidence of isolation anomalies. General linearizability and serializability checking are NP-complete problems due to extreme state-space explosion with increasing concurrency, and Jepsen’s main checker, Knossos, taps out on the order of hundreds of transactions.

Databases are in for an ‘Ell(e) of a hard time with the new checker in the Jepsen family though, Elle. From the README:

Like a clever lawyer, Elle looks for a sequence of events in a story which couldn’t possibly have happened in that order, and uses that inference to prove the story can’t be consistent.

The paper describes how Elle works behind the scenes, and gives us a taste of Elle in action. Elle is able to check histories of hundreds of thousands of transactions in just tens of seconds. Which means whole new levels of stress for …

Worth Reading: Do Your Homework

Tom Hollingsworth wrote another must-read blog post in which he explained what one should do before asking for help:

If someone comes to me and says, “I tried this and it failed and I got this message. I looked it up and the response didn’t make sense. Can you tell me why that is?” I rejoice. That person has done the legwork and narrowed the question down to the key piece they need to know.

In other words (again his), do your homework first and then ask relevant questions.

Heavy Networking 551: An Insider’s Guide To The SONiC Network OS

SONiC is a network OS that can run on a variety of whitebox switches. Originally developed by Microsoft, SONiC is now an open-source project with distributions that target hyperscale and enterprise environments. Today's Heavy Networking is a deep dive into SONiC with Dave Maltz, a Technical Fellow at Microsoft who has been closely involved with SONiC's development. While Microsoft is a SONiC backer, this is an unsponsored episode.

The post Heavy Networking 551: An Insider’s Guide To The SONiC Network OS appeared first on Packet Pushers.

Calico Delivers “Wow Effect” with 6x Faster Encryption than Any Other Solution… Confirms Leadership in Latest Independent CNI Benchmark Tests

Benchmark tests measure a repeatable set of quantifiable results that serve as a point of reference against which products and services can be compared. Since 2018, Alexis Ducastel, a Kubernetes CKA/CKAD and the founder of InfraBuilder, has been running independent benchmark tests of Kubernetes network plugins (CNI) over a 10Gbit/s network.

The latest benchmark in this periodic series of tests was published in September, and was based on CNI versions that were up-to-date as of August 2020. Only CNIs that can be set up with a single yaml file were tested and compared, and included the following:

  • Antrea v.0.9.1
  • Calico v3.16
  • Canal v3.16 (Flannel network + Calico Network Policies)
  • Cilium 1.8.2
  • Flannel 0.12.0
  • Kube-router latest (2020–08–25)
  • WeaveNet 2.7.0

We are thrilled to report that among all of the CNIs tested, Calico was the clear winner, excelling in nearly every category and delivering superlative results which are summarized in the chart below. In fact, Calico is the CNI of choice in the primary use cases presented by the author in the report’s summary.

The exceptional performance of Calico encryption was described as having the “real wow effect” among all of …

Monitoring failed login attempts on Linux

Repeated failed login attempts on a Linux server can indicate that someone is trying to break into an account or might only mean that someone forgot their password or is mistyping it. In this post, we look at how you can check for failed login attempts and check your system's settings to see when accounts will be locked to deal with the problem.

One of the first things you need to know is how to check if logins are failing. The command below looks for indications of failed logins in the /var/log/auth.log file used on Ubuntu and related systems. When someone tries logging in with a wrong or misspelled password, failed logins will show up as in the lines below:

Edge computing: When to outsource, when to DIY

The edge is being sold to enterprise customers from just about every part of the technology industry, and there’s not always a bright dividing line between “public” options – edge computing sold as a service, with a vendor handling operational data directly – and “private” ones, where a company implements an edge architecture by itself.

There are advantages and challenges to either option, and which is the right edge-computing choice for any particular organization depends on their individual needs, budgets and staffing, among other factors. Here are some considerations.

Tech Bytes: Pluribus Rethinks Open Networking For Better Programmability, TCO (Sponsored)

Today's Tech Bytes dives into Pluribus Networks’ Linux-based Netvisor ONE OS for white box switches. We also discuss Pluribus’ Adaptive Cloud Fabric, a distributed, controllerless SDN solution for deploying and automating data center fabrics that promises simpler operations and a lower TCO. Our guest is Alessandro Barbieri, VP of Product Management.

The post Tech Bytes: Pluribus Rethinks Open Networking For Better Programmability, TCO (Sponsored) appeared first on Packet Pushers.
