Moving away from VPNs as a means to protect corporate networks at the perimeter and moving toward zero-trust network access requires careful enterprise planning and may require implementing technologies that are new to individual organizations.ZTNA employs identity-based authentication to establish trust with entities trying to access the network and grants each authorized entity access only to the data and applications they require to accomplish their tasks. It also provides new tools for IT to control access to sensitive data by those entities that are deemed trusted.To read this article in full, please click here
In its second cloud-native technology acquisition in as many months, Cisco is buying container security firm Banzai Cloud for an undisclosed amount.Founded in 2017, Banzai is known for developing Kubernetes-based cloud application development and security technologies. It will become part of Cisco's Emerging Technologies and Incubation group, where the company brews new projects for cloud-native networking, security and edge computing environments.
READ MORE: Gartner's top 9 strategic technology trends for 2021To read this article in full, please click here
Palo Alto is rolling out a cloud service that promises to protect the highly distributed data in contemporary enterprises.The cloud service -- Enterprise Data Loss Prevention (DLP) – will help prevent data breaches by automatically identifying confidential intellectual property and personally identifiable information across the enterprise, Palo Alto stated.Data breaches are a huge and growing problem worldwide, but most of the current DLP systems were only designed to help global-scale organizations that have huge data protection budgets and staffs. Legacy and point solutions are not accessible, appropriate or effective for many of the companies that need them, said Anand Oswal, senior vice president and general manager with Palo Alto Networks.To read this article in full, please click here
Demand for secure access service edge (SASE) has grown tremendously during the pandemic. As adoption picks up, vendors are promising feature-rich and integrated SASE solutions. Customers have different needs when it comes to SASE, however, and it’s not always easy to understand what a SASE provider is offering.As an approach, SASE combines networking and security into a scalable cloud service that fits with the remote and hybrid work models companies use today. Potential benefits include easier network and security management, flexibility to scale up or down as business needs require, and lower costs.To read this article in full, please click here
Simplifying security options for enterprise customers is a daunting task, and it can be even harder in the current pandemic-driven workforce environment. But Cisco is taking steps to both streamline and bolster its security menu, according to news out of its virtual Partner Summit conference. For starters, Cisco is eliminating 50 product names and simplifying its offerings within the renamed Cisco Secure portfolio. Cisco is also reinforcing its key platforms, including its SecureX and zero trust packages. (See related story, Cisco software upgrades to simplify hybrid-cloud management, operations)To read this article in full, please click here
(Editor’s note, Oct. 29, 2020: With the FBI and US Department of Homeland Security recently warning of credible cyberthreats to healthcare facilities including ransomware, it’s a good time to review the steps outlined in this article that enterprises can take to guard against such attacks.)Ransomware attacks are becoming more rampant now that criminals have learned they are an effective way to make money in a short amount of time.Attackers do not even need any programming skills to launch an attack because they can obtain code that is shared among the many hacker communities. There are even services that will collect the ransom via Bitcoin on behalf of the attackers and just require them to pay a commission.To read this article in full, please click here
(Editor’s note: An August 2020 Enterprise Management Associates survey of 252 North American and European IT professionals found that most had accelerated their adoption of Zero Trust networking framework. This article by EMA Vice President of Research Networking Shamus McGillicuddy further details the results of the “Enterprise Zero Trust Networking Strategies: Secure Remote Access and Network Segmentation” report.)The COVID-19 pandemic has prompted 60% of enterprises to accelerate their Zero Trust networking strategies. Just 15% of organizations slowed down in response to the public-health crisis, and 25% reported no effect, according to Enterprise Management Associates research.To read this article in full, please click here
Deploying password-quality checking on your Debian-based Linux servers can help ensure that your users assign reasonably secure passwords to their accounts, but the settings themselves can be a bit misleading.For example, setting a minimum password length of 12 characters does not necessarily mean that all your users' passwords will actually have 12 or more characters.Let's stroll down Complexity Boulevard and see how the settings work and examine some that are worth considering.[Get regularly scheduled insights by signing up for Network World newsletters.]
The files that contain the settings we're going to look at will be:To read this article in full, please click here
Companies need to focus on architecting resilience and accept that disruptive change is the norm, says research firm Gartner, which unveiled its annual look at the top strategic technology trends that organizations need to prepare for in the coming year.Gartner unveiled this year's list at its flagship IT Symposium/Xpo Americas conference, which is being held virtually this year.
READ MORE: VMware highlights security in COVID-era networking | Essential edge-computing use cases | How AI can boost data-center availability, efficiencyTo read this article in full, please click here
This month's installment covers the impetus lent to IoT deployments by the ongoing pandemic, some new wrinkles in the security picture, and the possibility of more intelligence at the network edge in the future.
IBM is expanding the role of its security-software package for hybrid-cloud deployments by improving the gathering of security data collected within customer networks and drawing on third-party threat-intelligence feeds, among other upgrades.IBM’s Cloud Pak for Security, which features open-source technology for hunting threats and automation capabilities to speed response to cyberattacks, can bring together on a single console data gathered by customers’ existing security point products.IBM Cloud Paks are bundles of Red Hat’s Kubernetes-based OpenShift Container Platform along with Red Hat Linux and a variety of connecting technologies to let enterprise customers deploy and manage containers on their choice of private or public infrastructure, including AWS, Microsoft Azure, Google Cloud Platform, Alibaba and IBM Cloud.To read this article in full, please click here
Juniper Networks has added new components to its security portfolio to help customers get a better handle on potential threats as well as improve risk detection and response.The new products are aimed at figuring out who and what devices are on the network and then offering the security intelligence to help them address threats at every point on the network, said Samantha Madrid vice president of product management in the Security Business & Strategy business at Juniper Networks.Security is always a challenge but even more so now when customers have mass-scale remote workforces, Madrid said. [Get regularly scheduled insights by signing up for Network World newsletters.]
Madrid cited a recent Juniper-sponsored IT survey by Vanson Bourne that found 97% of respondents said their companies faced challenges securing their organizations’ network effectively.To read this article in full, please click here
Cisco this week lost a patent infringement case brought by security vendor Centripetal Networks and was hit with a $1.9 billion judgement.A non-jury judgement from U.S. District Judge Henry Morgan determined Cisco infringed on four security patents related to encrypted traffic and packet filtering technology belonging to plaintiff Centripetal Networks. The award directs $755.8 million in actual damages, multiplied by 2.5 to reflect "willful and egregious" conduct from Cisco, the judge found. The award also includes past damages and a running royalty of 10% on the apportioned sales of the patented products for a period of three years, followed by a second three-year term with a running royalty of 5% on such sales, which could take damages from the case north of $3 billion, according to a Centripetal statement about the case.To read this article in full, please click here
As enterprise workloads continue to move off-premises and employees continue to work remotely during the COVID-19 pandemic, securing that environment remains a critical challenge for IT.At its virtual VWworld 2020 gathering, VMware detailed products and plans to help customers deal with the challenges of securing distributed enterprise resources.More about SD-WAN: How to buy SD-WAN technology: Key questions to consider when selecting a supplier • What SD-Branch is and why you'll need it • What are the options for securing SD-WAN?
"Amid global disruption, the key to survival for many companies has meant an accelerated shift to the cloud and, ultimately, bolting on security products in their data centers," said Sanjay Poonen, VMware's Chief Operating Officer, Customer Operations. "But legacy security systems are no longer sufficient for organizations that are using the cloud as part of their computing infrastructure. It's time to rethink security for the cloud. Organizations need protection at the workload level, not just at the endpoint."To read this article in full, please click here
VMware is continuing its effort to remake the data center, cloud and edge to handle the distributed workloads and applications of the future.At its virtual VMworld 2020 event the company previewed a new architecture called Project Monterey that goes a long way toward melding bare-metal servers, graphics processing units (GPUs), field programmable gate arrays (FPGAs), network interface cards (NICs) and security into a large-scale virtualized environment.Monterey would extend VMware Cloud Foundation (VCF), which today integrates the company’s vShphere virtualization, vSAN storage, NSX networking and vRealize cloud management systems to support GPUs, FPGAs and NICs into a single platform that can be deployed on-premises or in a public cloud.To read this article in full, please click here
VMware is continuing its effort to remake the data center, cloud and edge to handle the distributed workloads and applications of the future.At its virtual VMworld 2020 event the company previewed a new architecture called Project Monterey that goes a long way toward melding bare-metal servers, graphics processing units (GPUs), field programmable gate arrays (FPGAs), network interface cards (NICs) and security into a large-scale virtualized environment.Monterey would extend VMware Cloud Foundation (VCF), which today integrates the company’s vShphere virtualization, vSAN storage, NSX networking and vRealize cloud management systems to support GPUs, FPGAs and NICs into a single platform that can be deployed on-premises or in a public cloud.To read this article in full, please click here
The federal government's Cybersecurity and Infrastructure Security Agency (CISA) has issued a rare emergency directive to federal government agencies to roll out a Windows Server patch within days, an indication of the severity of the exploit.The directive was issued on September 18, and agencies were given four days to apply the security update. It demands that executive agencies take "immediate and emergency action" to patch CVE-2020-1472, issued August 11.The vulnerability is in Microsoft Windows Netlogon Remote Protocol (MS-NRPC), a core authentication component of Active Directory from Windows Server 2008 to Server 2019. It has been named "Zerologon" because of how it works.To read this article in full, please click here
If you are a security admin with lots of systems running Cisco IOS and IOS XE software today is decidedly not your day.Cisco this week posted 25 “High” rated security advisories that stem from 34 vulnerabilities the company suggests should be fixed as soon as possible. The vulnerabilities impact a wide-range of Cisco gear as IOS and IOS XE are the company’s most widely used operating systems. The warnings affect firewalls, wireless access points and switches.Network pros react to new Cisco certification curriculum
For example, one of the highest rated threats--with an 8.6 out of 10 threat level, are multiple vulnerabilities in the Zone-Based Firewall feature of Cisco IOS XE Software that could let an remote attacker to cause the device to reload or stop forwarding traffic through the firewall,resulting in a denial of service (DoS).To read this article in full, please click here
The mainframe has been declared “dead”, “morphed” and “transformed” so many times over the years sometimes it’s sometimes hard to believe the Big Iron still has an identity in the enterprise world.But clearly it does and in a major way, too. [ Lessons on diversity in IT: 10 professional organizations focused on diversity in tech • Being Black in IT: 3 tech leaders share their stories • Gender gapped: The state of gender diversity in IT • Māori participation in IT: diversity insights for CIOs everywhere • IT snapshot: Ethnic diversity in the tech industry ]
Take recent news as an example: According to IBM, 75% of the top 20 global banks are running the newest z15 mainframe, and the IBM Systems Group reported a 68% gain in Q2 IBM Z revenue year-over-year.To read this article in full, please click here
Secure access service edge (SASE) is a network architecture that rolls software-defined wide area networking (SD-WAN) and security into a cloud service that promises simplified WAN deployment, improved efficiency and security, and to provide appropriate bandwidth per application.Because it’s a cloud service, SASE (pronounced “sassy”) can be readily scaled up and scaled down and billed based on usage. As a result, it can be an attractive option in a time of rapid change.[Get regularly scheduled insights by signing up for Network World newsletters.]
While some vendors in this space offer hardware devices to connect at-home employees and corporate data centers to their SASE networks, most vendors handle the connections through software clients or virtual appliances.To read this article in full, please click here