F5 Networks has rolled out an integrated, cloud-based security platform and services aimed at protecting widely distributed enterprise applications.The company used its Agility conference this week to introduce its overarching Distributed Cloud Services platform, which will bring together security technologies from recent acquisitions, including Threat Stack, Volterra, and Shape Security, plus its own web-application firewall and other components to offer an integrated, secure, distributed application-management platform for on-prem or cloud deployment.How to build a hybrid-cloud strategy
“Modernizing apps includes transformational actions such as leveraging microservices, using multiple clouds and edge locations instead of a single cloud provider, and utilizing API-based communication to connect workloads and data,” wrote Haiyan Song, executive vice president and general manager of F5’s Security & Distributed Cloud Product Group in a blog about the new services.To read this article in full, please click here
Power, they say, corrupts, and absolute power corrupts absolutely. While that was said about politics, it sure seems like it was tailor-made for smart buildings.Facility-control technology is exploding because the concept is useful and often saves money. Unfortunately, smart devices have also proven to be an on-ramp for major intrusions. Smart buildings are surely absolutely powerful in a way; are they absolutely corruptible? Maybe, if we’re not very careful.[Get regularly scheduled insights by signing up for Network World newsletters.]
If corruption means overall bad-ness, then hacking a smart building surely qualifies. It could let intruders mess with lights, heating and air conditioning, and maybe other critical systems, too. We also know from news stories that a hacker could use a successful smart building intrusion to sneak into other business applications, potentially compromising them and critical company information. It’s important to address these risks, and that means starting with how they arise.To read this article in full, please click here
The high-tech community is still trying to figure out the long-term impact of the serious vulnerability found late last year in the open-source Apache Log4j software, and so is the US Senate.“Open source is not the problem,” stated Dr. Trey Herr, director of the Cyber Statecraft Initiative with Atlantic Council think tank during a US Senate Committee on Homeland Security & Government Affairs hearing this week. “Software supply-chain security issues have bedeviled the cyber-policy community for years.”Experts have been predicting a long-term struggle to remedy the Log4j flaw and its impact. Security researchers at Cisco Talos for example stated that Log4j will be widely exploited moving forward, and users should patch affected products and implement mitigation solutions as soon as possible.To read this article in full, please click here
Security firm Binarly has discovered more than 20 vulnerabilities hiding in BIOS/UEFI software from a wide range of system vendors, including Intel, Microsoft, Lenovo, Dell, Fujitsu, HP, HPE, Siemens, and Bull Atos.Binarly found the issues were associated with the use of InsydeH20, a framework code used to build motherboard unified extensible firmware interfaces (UEFI), the interface between a computer’s operating system and firmware.[Get regularly scheduled insights by signing up for Network World newsletters.]
All of the aforementioned vendors used Insyde’s firmware SDK for motherboard development. It is expected that similar types of vulnerabilities exist in other in-house and third-party BIOS-vendor products as well.To read this article in full, please click here
SASE vendor Cato Networks is adding fine-grained cloud access security broker (CASB) controls to its platforms.When employees working from home or branch locations log into SaaS services such as Office 365 or Dropbox or Salesforce, a CASB gateway can track the applications employees access, where they log in from, and sometimes even what they do when using those applications.Previously, Cato only offered limited CASB controls, enabling companies to allow or prohibit the use of particular SaaS tools, says Dave Greenfield, Cato's director of technology evangelism. Now, individual behaviors can be controlled. For example, users might be allowed to download documents from certain cloud file-sharing providers but can only upload documents to a company's preferred platform.To read this article in full, please click here
Research firm Gartner forecasts IT spending will reach nearly $4.5 trillion worldwide this year, with enterprise software, IT services, and data center systems leading the way. The projected $4.45 trillion in spending this year represents an increase of 5.1% compared with 2021.The largest growth segment is enterprise software, which is projected to grow 11% to $672 billion. However, Gartner includes the cloud market in the enterprise software market, and that's where the growth is.
Read more: Gartner's top infrastructure and operations trends for 2022To read this article in full, please click here
At the end of last year, I heard from a long-time enterprise contact that had a major security concern. The company had installed three layers of security and just completed an audit. It showed that since thIey’d finished their installation they’d had five security incidents, and all of them had originated inside their security perimeter, bypassing most of their protection.Their question was what they did wrong and how they could fix it.What this company experienced is far from rare, and the source of their problems and the paths to correction are far from easy.We tend to think of security as a goal we can achieve with a simple toolkit. Not so. Security is the state you achieve by dealing with all likely threats, and every threat has to be addressed in its own unique way. Problems can come from hackers gaining access to an application or database from the outside, through things like stealing credentials or exploiting weak authentication.To read this article in full, please click here
Enterprise firewalls have been the quintessential security device for decades, standing guard at the perimeter, inspecting all inbound and outbound traffic for malware. So, what happens to firewalls as the perimeter fades away? They evolve.Today’s firewalls are an essential piece of the enterprise security puzzle. They’ve become the foundational device upon which security vendors have stacked all of their advanced features. Cloud-based, next-generation firewalls (firewall-as-a-service) are a core component of any secure access service edge (SASE) deployment. VPN remote access for work-at-home employees typically terminates at a firewall. And firewalls play a key role in zero-trust network access (ZTNA), serving as the device that enforces access control policies and network segmentation rules.To read this article in full, please click here
Enterprise firewalls have been the quintessential security device for decades, standing guard at the perimeter, inspecting all inbound and outbound traffic for malware. So, what happens to firewalls as the perimeter fades away? They evolve.Today’s firewalls are an essential piece of the enterprise security puzzle. They’ve become the foundational device upon which security vendors have stacked all of their advanced features. Cloud-based, next-generation firewalls (firewall-as-a-service) are a core component of any secure access service edge (SASE) deployment. VPN remote access for work-at-home employees typically terminates at a firewall. And firewalls play a key role in zero-trust network access (ZTNA), serving as the device that enforces access control policies and network segmentation rules.To read this article in full, please click here
After nearly two years of adopting major network and security changes wrought by COVID-19 and hybrid work, weary IT network and security teams didn’t need another big issue to take care of, but they have one: Stemming potential damage from the recently disclosed vulnerability in open source Java-logging Apache Log4j software. Log4j or Log4Shell has been around a long time—it was released in January, 2001—and is widely used in all manner of enterprise and consumer services, websites, and applications. Experts describe the system as an easy-to-use common utility to support client/server application development.To read this article in full, please click here
Aryaka Networks is looking to target more enterprises with a new managed secure access service edge (SASE) offering and an improved, lower cost SD-WAN offerings.Aryaka is known for offering WAN and SD-WAN services over its global Layer 2 network with more than 40 points . The new services spring from that backbone to provide additional, flexible WAN services. SD-WAN buyers guide: Key questions to ask vendors
The first is based on a new iteration of Aryaka’s L2 core—the L3—which is optimized for cost and non-mission critical applications or sites that don’t require top-shelf performance. The L2 core is optimized for performance-sensitive applications.To read this article in full, please click here
Wouldn’t it be great if there were a cloud-based service that combined networking and security so that users located anywhere could safely and efficiently access applications and data located anywhere? That’s the aim of SASE (rhymes with gassy). SASE isn’t a single product, but rather it’s an approach, a platform, a collection of capabilities, an aspiration.Gartner coined the term Secure Access Service Edge in a 2019 research report, and the name stuck. Vendors have been doing backflips trying to cobble together complete SASE offerings, which would include at a minimum software-defined WAN (SD-WAN), secure Web gateway (SWG), cloud access security broker (CASB), firewall-as-a-service (FWaaS) and zero trust network access (ZTNA).To read this article in full, please click here
Cisco Systems has been hit with an unusual double-whammy of issues, one of them in software and one in hardware.First, the more serious issue, a firewall flaw. Security researcher Positive Technologies, which hunts for security vulnerabilities, posted a warning that a vulnerability in Cisco firewall appliances could allow hackers to cause them to fail.The problem is in the Cisco Adaptive Security Appliance (ASA) and Cisco Firepower Threat Defense (FTD) firewalls. Forrester Research says there are more than a million of them deployed worldwide. Positive assessed the severity level of vulnerability as high and recommended users should install updates, which are available, as soon as possible.To read this article in full, please click here
Enterprise infrastructure that supports data center, cloud and edge networks could someday be dominated by one of its tiniest components--the smartNIC or data processing unit (DPU).Use of smartNICs in the enterprise is still evolvinging, but the idea behind them--offloading server CPU duties onto a separate device to free up server cycles--is not new. Specialized hardware accelerators such as graphics processing units (GPU), field-programmable gate arrays (FPGA), and focused NICs have offloaded CPU workloads in telco, financial, and scientific application processing. NaaS is the future but it's got challenges
Looking ahead, users and vendors see a way to reduce enterprise costs, improve performance and increase security with smartNICs.To read this article in full, please click here
Wi-Fi 6 has some impressive improvements over its predecessor Wi-Fi 5 including lower latency, faster speeds, higher throughput, and increased range that can make it a better fit to serve both dense clusters of clients and clients running high-bandwidth applications.As Wi-Fi in general replaces wired networks in some enterprises and with the increased use of tablets, laptops, and mobile phones within enterprises, wireless-network responsiveness and versatility are becoming more desirable. Wi-Fi 6 (802.11 ax) can help. It can also improve the efficiency of IoT Wi-Fi networks by letting sensors lie idle more of the time so their batteries last longer.To read this article in full, please click here
Palo Alto Networks has bolstered its security software to better protect enterprise Software-as-a-Service (SaaS) applications.The company rolled out a new version of its core cloud-security package, Prisma Cloud 3.0, which includes the ability to code security directly into SaaS applications. The package includes a cloud-access security broker (CASB) to control access to cloud resources.[Get regularly scheduled insights by signing up for Network World newsletters.]
Prisma is a cloud-based security bundle that includes access control, advanced threat protection, user-behavior monitoring, and other services that promise to protect enterprise applications and resources. Managed through a single console, Prisma includes firewall as a service, Zero Trust network access and a secure web gateway. To read this article in full, please click here
The WAN as initially conceived was about one simple job: the WAN was the network that “connects my sites to each other.” That is, the network connecting users in corporate sites to corporate IT resources in other corporate sites or perhaps colocation facilities. It was all inside-to-inside traffic.Over the past decade so much has changed that, just before COVID-19 work-from-home mandates took hold, only about 37% of a typical WAN’s traffic was still inside-to-inside, according to Nemertes’ “Next Generation Networks Research Study 2020-2021”. The rest touched the outside world, either originating there as with remote work against data-center systems or terminating there as with SaaS use from a company site or both as with VPNing into the network only to head back out to a SaaS app.To read this article in full, please click here
(Enterprise Management Associates finds that enterprises are trying to improve collaboration between their network-infrastructure and operations teams and their information-security and cybersecurity teams. This article discusses challenges faced by these teams based on a survey of 366 IT and security professionals detailed in the report “NetSecOps: Aligning Networking and Security Teams to Ensure Digital Transformation”, by EMA Vice President of Research Networking Shamus McGillicuddy.)To read this article in full, please click here
(Enterprise Management Associates finds that enterprises are trying to improve collaboration between their network-infrastructure and operations teams and their information-security and cybersecurity teams. This article discusses challenges faced by these teams based on a survey of 366 IT and security professionals detailed in the report “NetSecOps: Aligning Networking and Security Teams to Ensure Digital Transformation”, by EMA Vice President of Research Networking Shamus McGillicuddy.)To read this article in full, please click here