The pandemic has changed how we work, probably forever. Most employees with jobs that can be done effectively from home have no intention of returning full time to the office. They find that their work-life balance is much more balanced without the long commutes and constant interruptions that accompany office work.According to a McKinsey/Ipsos survey, 58 percent of American workers had the opportunity to work from home at least one day a week in 2022, while 38 percent were not generally required to be in the office at all.To read this article in full, please click here
Industry veteran Tom Gillis, who left VMware in December, has returned to Cisco in a new but familiar role: senior vice president and general manager of Cisco’s Security Business Group. From 2007 to 2011, Gillis was vice president and general manager of Cisco’s then-called Security Technology Group, which focused on developing network, content and identity management products.After that, Gillis founded cloud computing firm Bracket Computing, which was acquired by VMware in May 2018.Gillis ran VMware's $2 billion networking and security business from that point until this past December, and he was responsible for a number of its core products, including VMware's NSX networking and network/edge software products. To read this article in full, please click here
The year highlighted how vulnerable the technology sector is to the vagaries of geopolitics and the macroeconomy, as IT giants laid off workers, regulators cracked down on tech rule-breakers, nations negotiated data security regulations, the US-China chip war widened, and the Ukraine war disrupted business as usual.
What’s the single most important thing that enterprises should know about networking in 2023? Forget all that speeds-and-feeds crap you hear from vendors. The answer is that networking is now, and forever, linked to business applications, and those applications are linked now to the way that we use the Internet and the cloud. We’re changing how we distribute and deliver business value via networking, and so network technology will inevitably change too, and this is a good time to look at what to expect.Growth in Internet dependence
First, the Internet is going to get a lot better because it’s going to get a lot more important. It’s not just that the top-end capacities offered will be raised, in many cases above 2 Gbps. Every day, literally, people do more online, and get more interactive, dynamic, interesting, websites to visit and content to consume. Internet availability has been quietly increasing, and in 2023 there will be a significant forward leap there, in large part because people who rely on something get really upset when it’s not working.To read this article in full, please click here
Zero Trust is a term coined by John Kindervag while he was an analyst at Forrester Research to describe a strategic framework in which nothing on the network is trusted by default – not devices, not end users, not processes. Everything must be authenticated, authorized, verified and continuously monitored.The traditional approach to security was based on the concept of “trust, but verify.” The weakness of this approach is that once someone was authenticated, they were considered trusted and could move laterally to access sensitive data and systems that should have been off-limits.Zero Trust principles change this to “never trust, always verify.” A Zero Trust architecture doesn’t aim to make a system trusted or secure, but rather to eliminate the concept of trust altogether. Zero Trust security models assume that an attacker is present in the environment at all times. Trust is never granted unconditionally or permanently, but must be continually evaluated.To read this article in full, please click here
Hybrid and multicloud initiatives will continue to shape enterprise IT in 2023, and the impact on data-center networking will be felt across key areas including security, management, and operations. Network teams are investing in technologies such as SD-WAN and SASE, expanding automation initiatives, and focusing on skills development as more workloads and applications span cloud environments.“The most important core trend in data centers is the recognition that the hybrid cloud model – which combines current transaction processing and database activities with a cloud-hosted front-end element for the user interface – is the model that will dominate over time,” said Tom Nolle, president of CIMI Corp. and a Network World columnist. The industry is seeing a slow modernization of data center applications to support the hybrid-cloud model, Nolle says, “and included in that is greater componentization of those applications, a larger amount of horizontal traffic, and a greater need to manage security within the hosted parts of the application.”To read this article in full, please click here
Secure Access Service Edge (SASE) is a network architecture that combines software-defined wide area networking (SD-WAN) and security functionality into a unified cloud service that promises simplified WAN deployments, improved efficiency and security, and application-specific bandwidth policies.First outlined by Gartner in 2019, SASE (pronounced “sassy”) has quickly evolved from a niche, security-first SD-WAN alternative into a popular WAN sector that analysts project will grow to become a $10-billion-plus market within the next couple of years.To read this article in full, please click here
Cloud services and hosting provider Rackspace Technology acknowledged Tuesday that a recent incident that took most of its Hosted Exchange email server business offline was the product of a ransomware attack. The company shut the service down last Friday.It was not, initially, clear what had caused the outage, but Rackspace quickly moved to shift Exchange customers over to Microsoft 365, as this part of the company’s infrastructure was apparently unaffected.Rackpsace offers migration to Microsoft 365
Rackspace said today that there is “no timeline” for a restoration of Exchange service, but it is offering Exchange users technical assistance and free access to Microsoft 365 as a substitute, though it acknowledged that migration is unlikely to be a simple process for every user. Rackspace said that, while the migration is in progress, customers can forward email sent to their Hosted Exchange inboxes to an external server, as a temporary workaround.To read this article in full, please click here
The job of a network engineer just keeps getting more complicated. Mission critical applications are competing for bandwidth. The sheer number of devices is exploding, driven by IoT. And the network itself if being extended to the cloud, the edge and to the home office. And then there’s cybersecurity to worry about. Attacks are on the rise across the board, and attackers are constantly looking for vulnerabilities or backdoors, upping the need for solid and secure networking to act as an early warning system for cybersecurity defenses.Thankfully, there are many great tools available to help network engineers complete their never-ending tasks. And many of them are available for free. Here’s our list of 12 killer network tools that won’t break the bank. To read this article in full, please click here
Having thorough IT security usually means having a layered approach. Basic antivirus, for instance, might catch PC-based malware once a user downloads it, but you could try to block it before it ever reaches the user device, or at least have another security mechanism in place that might catch it if the basic antivirus doesn’t. DNS-based filtering can do this! It can help stop users from browsing to malware and phishing sites, block intrusive advertising to them, and serve as adult content filters.First, a quick primer for those who are unfamiliar with DNS: You utilize the Domain Name System (DNS) every time you surf the Web. Each time you type a site name into the browser, DNS is queried for the IP address corresponding to that particular domain, so the browser can contact the Web server to get the content. The process of converting the domain name to its IP address is called domain-name resolution.To read this article in full, please click here
Dell Technologies has announced new products and services for data protection as part of its security portfolio.Active data protection is often treated as something of an afterthought, especially compared to disaster recovery. Yet it's certainly a problem for companies. According to Dell’s recent Global Data Protection Index (GDPI) research, organizations are experiencing higher levels of disasters than in previous years, many of them man-made. In the past year, cyberattacks accounted for 48% of all disasters, up from 37% in 2021, and are the leading cause of data disruption.One of the major stumbling blocks in deploying data-protection capabilities is the complexity of the rollout. Specialized expertise is often required, and products from multiple vendors are often involved. Even the hyperscalers are challenged to provide multicloud data-protection services.To read this article in full, please click here
Palo Alto Networks has released next-generation firewall (NGFW) software that includes some 50 new features aimed at helping enterprise organizations battle zero-day threats and advanced malware attacks.The new features are built into the latest version of Palo Alto's firewall operating system – PAN 11.0 Nova – and include upgraded malware sandboxing for the company’s WildFire malware-analysis service, advanced threat prevention (ATP), and a new cloud access security broker (CASB).WildFire is Palo Alto’s on-prem or cloud-based malware sandbox that is closely integrated with Palo Alto’s firewalls. When a firewall detects anomalies, it sends data to WildFire for analysis. WildFire uses machine learning, static analysis, and other analytics to discover threats, malware and zero-day threats, according to the vendor.To read this article in full, please click here
Recently during a research interview with a small but fast-growing business, for the first time I encountered an organization with a “no-network-vendor” network. That is, instead of using Cisco or Dell or even a white-box solution for switching and routing, the company deployed only Fortinet equipment for its entire network. That is, every network component is part of the security infrastructure for them.They built the network this way not just to bake security into its core (a great idea in itself) but also for:
ease of management: they have one tool, it manages every component
ease of deployment: they have only two or three versions of each appliance, all the same except for capacity and port count
ease of expansion to new locations: every site is the same as any other site of similar size
They have a small stock of replacement appliances on the shelf, with which they provide rapid recovery for all locations. They could easily also consume security-operations center as-a-service, and use professional services for nearly all the rest of their network operations. In essence, their security solution could become their complete network solution as well.To read this article in full, please click here
VMware has added more security features to its forthcoming on-demand multi-cloud networking and security service called Northstar that it previewed during its August VMware Explore 2022 conference.VMware said then that Northstar will provide a central console for turning up networking and security services across private clouds and VMware Cloud deployments that run on public clouds. It will include VMware services such as Network Detection and Response, NSX Intelligence, advanced load balancing and Web Application Firewall. Within Northstar, Network Detection and Response support will provide scalable threat detection and response for workloads deployed in private and/or public clouds.To read this article in full, please click here
Agentless security management system aims to simplify vulnerability management for security teams and developers in cloud and hybrid cloud environments.
A new specification from the Open Compute Project could mean more choices for IT pros when it comes time to replace server cards.The spec defines a block of code that, when used in processors, establishes root of trust (RoT) boot security. Because the spec is open, any chip maker can use it, and it will provide interoperability with chips made by other chip makers that also use it. This can help eliminate being locked into a single vendor because of proprietary RoT code.By standardizing on OCP hardware, for example, it’s possible to replace a bad smartNIC from one vendor with one from another vendor, says Bill Chen, general manager of server product management at Supermicro, an OCP member.To read this article in full, please click here
Cisco is offering software updates for two of its AnyConnect for Windows products it says are actively being exploited in the field.AnyConnect for Windows is security software package, in this case for Windows machines, that sets up VPN connectivity, provides access control and supports other endpoint security features. Cisco said AnyConnect products for MacOS, Linux are not affected.Cisco said its Cisco Product Security Incident Response Team (PSIRT) is aware that proof-of-concept exploit code is available for the vulnerability, which is described in this advisory.To read this article in full, please click here
Freeman Health System has around 8,000 connected medical devices in its 30 facilities in Missouri, Oklahoma, and Kansas. Many of these devices have the potential to turn deadly at any moment. "That’s the doomsday scenario that everyone is afraid of," says Skip Rollins, the hospital chain's CIO and CISO.Rollins would love to be able to scan the devices for vulnerabilities and install security software on them to ensure that they aren't being hacked. But he can't."The vendors in this space are very uncooperative," he says. "They all have proprietary operating systems and proprietary tools. We can't scan these devices. We can't put security software on these devices. We can't see anything they're doing. And the vendors intentionally deliver them that way."To read this article in full, please click here
Network World Security