Today’s announcement of IBM’s new z16 mainframes promises a system that caters to enterprise needs that include support for AI, security, hybrid cloud, and open source efforts well into the future.The new, more powerful and feature-rich Big Iron boasts an AI accelerator built onto its core Telum processor that can do 300 billion deep-learning inferences per day with one millisecond latency and includes what IBM calls a quantum-safe system to protect organizations from anticipated quantum-based security threats.
[Get regularly scheduled insights by signing up for Network World newsletters.]To read this article in full, please click here
Fortinet has made available a new release of its core FortiOS software that includes features the vendor says will help enterprises more tightly meld security and networking controls.FortiOS 7.2, has 300 new features including AI support to help stop network threats more quickly, sandboxing to help fight ransomware threats, and improved SD-WAN, branch, and edge orchestration.How to choose an edge gateway
FortiOS is the vendor’s operating system for the FortiGate family of hardware and virtual components. FortiOS implements Fortinet Security Fabric and includes network security such as firewalling, access control, and authentication in addition to SD-WAN, switching, and wireless services. To read this article in full, please click here
Fortinet has made available a new release of its core FortiOS software that includes features the vendor says will help enterprises more tightly meld security and networking controls.FortiOS 7.2, has 300 new features including AI support to help stop network threats more quickly, sandboxing to help fight ransomware threats, and improved SD-WAN, branch, and edge orchestration.How to choose an edge gateway
FortiOS is the vendor’s operating system for the FortiGate family of hardware and virtual components. FortiOS implements Fortinet Security Fabric and includes network security such as firewalling, access control, and authentication in addition to SD-WAN, switching, and wireless services. To read this article in full, please click here
In a zero-trust environment, trust is not static. Behavior has to be visible for trust to persist.One of the most important differences between old thinking on networking and the zero-trust mindset is the inversion of thinking on trust. Pre-ZT, the assumption was this: Once you get on the network, you are assumed to be allowed to use it any way you want until something extraordinary happens that forces IT to shut you down and remove your access. You are assumed broadly trustworthy, and confirming that status positively is very rare. It is also very rare to have that status revoked.To read this article in full, please click here
Threat actors have targeted power supplies whose control interfaces are connected to the internet, and CISA says that they should be disconnected immediately.
Cloud NGFW for AWS enables organizations to shift security responsibility to Palo Alto, allowing them to speed cloud innovation while remaining secure, the vendor says.
Zero trust (ZT) is a mindset and a method, not a technology. The current push to adopt ZT is driven by an urgent and growing need to make a major leap forward in risk management and attack containment in enterprise networks, a need driven home by every successive wave of ransomware. IT can use the urgency of moving to ZT to root out some of the technical debt in the environment. Specifically, it can be a catalyst to find areas exempted from network and network security standards and bring them up to date under the new paradigm of zero trust.No more exempting network components from access-control roles
In a ZT environment, the network not only doesn’t trust a node new to it, but it also doesn’t trust nodes that are already communicating across it. When a node is first seen by a ZT network, the network will require that the node go through some form of authentication and authorization check. Does it have a valid certificate to prove its identity? Is it allowed to be connected where it is based on that identity? Is it running valid software versions, defensive tools, etc.? It must clear that hurdle before being Continue reading
IBM is launching a new service to help customers manage their data encryption keys in a hybrid cloud environment. Unified Key Orchestrator lets customers integrate all security key-management systems into one managed service that's backed by Big Blue’s Hardware Security Module. HSM is IBM’s system that protects against physical or logical attacks and has special hardware to perform cryptographic operations and protect keys.Gartner: IT skills shortage hobbles cloud, edge, automation growth
Available from IBM Cloud, Unified Key Orchestrator lets customers maintain visibility and control over who has access to their critical data, while running workloads across hybrid or multicloud cloud environments. In addition, with a single, secure, cloud-based view of an organization’s crypto keys, enterprises can create and revoke keys for their data across multiple clouds. At the same time, companies no longer need to rely on security experts with specialized knowledge of each individual cloud to handle security operations, according to IBM.To read this article in full, please click here
Network Access Control (NAC) is a cybersecurity technique that prevents unauthorized users and devices from entering private networks and accessing sensitive resources. Also known as Network Admission Control, NAC first gained a foothold in the enterprise in the mid-to-late 2000s as a way to manage endpoints through basic scan-and-block techniques.As knowledge workers became increasingly mobile, and as BYOD initiatives spread across organizations, NAC solutions evolved to not only authenticate users, but also to manage endpoints and enforce policies.How NAC works
NAC tools detect all devices on the network and provide visibility into those devices. NAC software prevents unauthorized users from entering the network and enforces policies on endpoints to ensure devices comply with network security policies. NAC solutions will, for instance, make sure that the endpoint has up-to-date antivirus and anti-malware protections.To read this article in full, please click here
SASE adoption has been skyrocketing since the start of the pandemic. Secure access service edge, a term Gartner coined in 2019, combines security and networking in a single, scalable, cloud-based platform that fits well in a world in which employees work from home and mostly access cloud-based apps and services.Now Gartner is pushing a new acronym. Turns out, companies might prefer to get their SASE without the “A” — just security service edge, or SSE. Gartner this month published a Magic Quadrant for SSE (something the company never did for SASE); it's available from vendors listed in the report (here and here, for example).To read this article in full, please click here
The National Security Agency this week issued detailed recommendations for businesses trying to secure their networking infrastructure against attacks, giving safe configuration tips for commonly used networking protocols and urging the use of basic security measures for all networks.The NSA's report began by highlighting the importance of zero trust principles for network security, but the bulk of it covers specific steps network administrators should take to keep their infrastructure safe from compromise. Configuration tips for network admins include the use of secure, frequently changed passwords for all administrative accounts, limiting login attempts and keeping potentially vulnerable systems patched and up-to-date. The report also describes safe configurations for SSH (secure shell), HTTP and SNMP (simple network management protocol).To read this article in full, please click here
The National Security Agency this week detailed recommendations for businesses to secure their network infrastructure against attacks, giving safe configuration tips for commonly used networking protocols and urging the use of basic security measures for all networks.The NSA's report highlighted the importance of zero trust principles for network security, but the bulk of it covers specific steps network administrators should take to keep their infrastructure safe from compromise. Configuration tips for network admins include the use of secure, frequently changed passwords for all administrative accounts, limiting login attempts, and keeping potentially vulnerable systems patched and up-to-date. The report also describes safe configurations for SSH (secure shell), HTTP and SNMP (simple network management protocol).To read this article in full, please click here
Domain name system (DNS) attacks, in which bad actors take advantage of vulnerabilities in the DNS Internet protocol, are extremely prolific -- and costly.To read this article in full, please click here(Insider Story)
Domain name system (DNS) attacks, in which bad actors take advantage of vulnerabilities in the DNS Internet protocol, are extremely prolific—and costly.To read this article in full, please click here(Insider Story)
The FCC is launching an inquiry into security issues surrounding the Border Gateway Protocol (BGP), a widely used standard used to manage interconnectivity between large portions of the Internet.The move, announced Monday, was issued in response to "Russia's escalating actions inside of Ukraine," according to the commission's notice of inquiry.BGP is, in essence, a method of ensuring that independently managed networks that make up the global internet are able to communicate with one another. Its initial design, which the FCC said is still in widespread use today, does not contain important security features, meaning that, simply by misconfiguring its own BGP information, a bad actor could potentially redirect Internet traffic wherever it sees fit. This could let that attacker send incorrect information to its targets, read and compromise login credentials, or simply shut down whichever kinds of traffic it wishes.To read this article in full, please click here
2022 will be another busy year for enterprise incident responders as ransomware, supply chain and myriad zero-day attacks will continue to rise, according to Cisco's Talos security experts.To help address the threats, the Cisco Talos team used a blog and online presentation to detail steps enterprises can take to defend themselves against the growing field of bad actors and also to point out lessons learned from recent damaging exploits such as the Log4j vulnerability and Microsoft Exchange server zero-day threats.Once, zero-day attacks were typically launched by state actors against service providers, but those days are gone, wrote Nick Biasini head of outreach at Cisco Talos in a blog about the security landscape in 2022. Now new, less experienced combatants seek out a broader range of targets, using less surgical attacks. “This has led to more risky behavior than we’ve seen historically, without as much regard for collateral damage,” he wrote.To read this article in full, please click here
Zero trust touches everything: identity, applications, networks, data, and devices. The best approach is not to change everything all at once. Instead, start with the big picture.In our research, we’ve found the most successful organizations dedicated the first phase of their zero-trust initiatives to working out an architecture. They didn’t rush into deploying solutions as though starting with a greenfield.Everyone else dove in fast, mixing the foundational work on zero trust with one or more of the knock-on efforts: rearchitecting networks, security, and data management; buying tools; forming implementation teams and setting them to work. All those things need to happen, of course, but with zero trust, it pays to do a lot more thinking about how all the pieces will fit together before undertaking the changes needed, either at the architectural level or in the tool set.To read this article in full, please click here