Category Archives for "Network World Security"

Cisco streamlines, upgrades its SASE bundle

Cisco made enhancements to its security offerings that will expand and change the way customers buy its Secure Access Service Edge products as well as bolster network-access authentication.Cisco's SASE plan will focus on enhancing networking and security functions while building them into an integrated service that can help simplify access to enterprise cloud resources securely, said Gee Rittenhouse senior vice president and general manager of Cisco’s Security Business Group during this week's Cisco Live! event.MORE CISCO LIVE! NEWS: Cisco takes its first steps toward network-as-a-service; Cisco brings net intelligence to Catalyst switches, app-performance managementTo read this article in full, please click here

Report: 5G network slicing could leave flaws for bad actors to exploit

5G networks that incorporate legacy technology could be vulnerable to compromise via a lack of mapping between transport and application layers, according to a report by Ireland-based AdaptiveMobile Security. 5G resources What is 5G? Fast wireless technology for enterprises and phones How 5G frequency affects range and speed Private 5G can solve some problems that Wi-Fi can’t Private 5G keeps Whirlpool driverless vehicles rolling 5G can make for cost-effective private backhaul CBRS can bring private 5G to enterprises Network slicing is central to realizing many of 5G’s more ambitious capabilities because it enables individual access points or base stations to subdivide networks into multiple logical sections—slices—effectively providing entirely separate networks for multiple uses. The slices can be used for different purposes—say, mobile broadband for end-users and massive IoT connectivity—at the same time, without interfering with each other.To read this article in full, please click here

VMware bolsters cloud app security with Mesh7 buy

With a goal of making distributed applications more secure, VMware has announced plans to buy security vendor Mesh7 for an undisclosed amount.Combining the acquisition with its other security wares, VMware aims to address modern applications that require reliable connectivity, dynamic service discovery, and the ability to automate changes quickly without disruption as they extend across multi-cloud environments, said Tom Gillis, senior vice president and general manger with VMware's networking and security business unit, in a blog about the Mesh7 acquisition.To read this article in full, please click here

Ransomware: How to make sure backups are ready for a real attack

The best way to avoid paying ransom to attackers who have infected your systems with ransomware is to have those systems adequately backed up so you can wipe them and restore them from safe backups. Here are several options for making sure those backups are up to the task.In this article, backup refers to any system that you're going to use to respond to a ransomware attack, including old-school backup systems, replication systems, and modern hybrid systems that support backup and disaster recover. For simplicity’s sake, they’ll all be referred to as backup here. More about backup and recovery:To read this article in full, please click here

Top enterprise data center trends you need to know

Data-center networking was already changing prior to the technology challenges brought on by the COVID-19 pandemic, and few areas of the enterprise will continue to be affected more than data centers by those modifications in the future.That’s because myriad technologies are driving changes in the data center—everything from heavy demand for higher-speed networking, support for a remote workforce, increased security, tighter management and perhaps the biggest alteration—the prolific growth of cloud services.To read this article in full, please click here

5 free network-vulnerability scanners

Though you may know and follow basic security measures on your own when installing and managing your network and websites, you'll never be able to keep up with and catch all the vulnerabilities by yourself.Vulnerability scanners can help you automate security auditing and can play a crucial part in your IT security. They can scan your network and websites for up to thousands of different security risks, producing a prioritized list of those you should patch, describe the vulnerabilities, and give steps on how to remediate them. Some can even automate the patching process.Though vulnerability scanners and security auditing tools can cost a fortune, there are free options as well. Some only look at specific vulnerabilities or limit how many hosts can be scanned but there are also those that offer broad IT security scanning.To read this article in full, please click here

WAN challenges steer auto-rental firm to SASE

Latency and reliability concerns set car rental company Sixt on a path to rearchitect its WAN. That led the global company, which has locations in more than 100 countries, to become an early adopter of the network-security architecture dubbed secure access service edge (SASE) by research firm Gartner. Tech Spotlight: Security 4 ways to keep the cybersecurity conversation going after the crisis (CSO) Mitigating the hidden risks of digital transformation (CIO) WFH security lessons from the pandemic (Computerworld) WAN challenges steer Sixt to cloud-native SASE deployment (Network World) 6 security risks in software development — and how to address them (InfoWorld) SASE, pronounced "sassy," blends SD-WAN's network optimization features with security capabilities such as zero-trust authentication, data loss prevention, threat detection, and encryption. Driven by demand for a more efficient, scalable network-security architecture, SASE can enable greater network reliability, more flexible deployment options, and pervasive security. The technology is in its infancy but projected to grow quickly. Gartner estimates at least 40% of enterprises will have explicit strategies to adopt SASE by 2024, up from less than 1% at the end of 2018.To read this article in full, please click here

Cisco issues 3 critical warnings around ACI, NS-OX security holes

Cisco has issued three security advisories rated “critical” for some of its high-end software systems—two aimed at its Application Services Engine (ASE) implementation and one at the NX-OS operating system.The most concerning warning came for Cisco Application Centric Infrastructure (ACI) Multi-Site Orchestrator (MSO) installed with the ASE which was rated a worse-case scenario, 10 out of a possible 10 on the Common Vulnerability Scoring System (CVSS).  The ACI Multi-Site Orchestrator lets customers control application-access policies across Cisco Application Policy Infrastructure Controller-based fabrics.To read this article in full, please click here

IoT security tips and a cautionary tale

You will have more connected devices than ever on your network in 2021, especially if you’re in healthcare, retail, or logistics, industries that are among the early adopters of the Internet of Things (IoT). You’ll have devices on your network edge, in your headquarters, on vehicles, in machinery, in your stores, in employees’ homes, and on public property.And there’s a good chance that some or many of these IoT devices have built-in security vulnerabilities that can endanger your network. In trying to capitalize on the voracious global appetite for connected commercial devices, many IoT manufacturers and developers are shoveling out enterprise IoT devices with, shall we say, varying levels of regard for security.To read this article in full, please click here

Palo Alto grows cloud security portfolio with new Prisma release, Bridgecrew buy

Palo Alto had a busy week. First, it rolled out a number of new features for its Prisma cloud-based security package, and then it announced plans to buy cloud security vendor Bridgecrew for about $156 million in cash.Palo Alto's Prisma is a cloud-based security package that includes access control, advanced threat protection, user behavior monitoring and other services that promise to protect enterprise applications and resources. Managed through a single console, Prisma includes firewall as a service, zero-trust network access, a cloud access security broker and a secure web gateway.To read this article in full, please click here

How COVID-19 is shaping enterprise networking

The COVID-19 pandemic has influenced the networking arena in a number of ways, including the rise of fully automated remote offices, the need to support a "branch of one," and the growth of new communications software tools."One of the biggest trends we are seeing is business agility. That is, IT looking at the tech they have deployed and evaluating it not just in terms of speeds and feeds, but how agile it is to handle whatever's coming next," said Todd Nightingale, Cisco's Enterprise Networking & Cloud business chief. "Software APIs are a huge part of that trend, because it is amazingly easier to handle changes through APIs and software that make it possible to change things in a day rather than months."To read this article in full, please click here

Cisco AppDynamics software melds security, application management

Cisco AppDynamics is making it easier for customers to integrate security features with application development to help customers detect threats, identify non-standard application behavior, and block attacks.The company is adding software, called Cisco Secure Application, to the AppDynamics platform to correlate security and application information by scanning code execution for known exploits. Vulnerability data is shared with application and security operations teams so that together they can prioritize, execute, and track remediation efforts. Read more: How AI can create self-driving data centersTo read this article in full, please click here

Arista embraces segmentation as part of its zero-trust security

Arista has expanded its security software to let customers control authorized network access and communication between groups from the data center to the cloud.The new software, Macro-Segmentation Service (MSS)-Group, expands the company’s MSS security-software family, which currently includes MSS Firewall for setting security policies across customer edge, data-center and campus networks. Additionally, the company’s MSS Host focuses on data-center security policies.See how AI can boost data-center availability and efficiency MSS software works with Arista Extensible Operating System (EOS) and its overarching CloudVision management software to provide network-wide visibility, orchestration, provisioning and telemetry across the data center and campus. CloudVision’s network information can be utilized by Arista networking partners including VMware, Microsoft and IBM’s Red Hat.To read this article in full, please click here

Cisco tags critical security holes in SD-WAN software

Cisco has noted and fixed two critical and a number of high-degree vulnerabilities in its SD-WAN software portfolio.Most of the vulnerabilities could let an authenticated attacker execute command injection attacks against an affected device, which could let the attacker utilize root privileges on the device.The first critical problem–with a Common Vulnerability Scoring System rating of 9.9 out of 10–is  vulnerability in the web-based management interface of Cisco SD-WAN vManage Software. “This vulnerability is due to improper input validation of user-supplied input to the device template configuration,” Cisco stated. “An attacker could exploit this vulnerability by submitting crafted input to the device template configuration. A successful exploit could allow the attacker to gain root-level access to the affected system.”To read this article in full, please click here

Lessons that insurrection selfies hold for legitimate enterprises

The pro-Trump rioters who invaded the Capitol on January 6 came with smartphones to record and celebrate what they thought was a righteous effort to prevent president-elect Joe Biden from taking office two weeks later.Now those electronic devices, along with the GPS data they generated, are being used to track the location of rioters within the building as federal law enforcement officials continue to make arrests and build criminal cases.Among the acts being investigated: breaking through police barriers, smashing windows, and assaulting police officers and media members. Five people died including a Capitol Hill police officer who was bludgeoned with a fire extinguisher.To read this article in full, please click here

Wi-Fi: How to deploy 802.1x authentication using WPA3-Enterprise

Wi-Fi Protected Access 3 (WPA3) has brought significant security improvements to Wi-Fi networks, particularly WPA-3Enterprise, which includes tweaks to make authenticating to the network more secure. One of these is has to do with 802.1x authentication that is used to determine whether Wi-Fi clients will be granted access to the enterprise network. Wi-Fi resources Test and review of 4 Wi-Fi 6 routers: Who’s the fastest? How to determine if Wi-Fi 6 is right for you Five questions to answer before deploying Wi-Fi 6 Wi-Fi 6E: When it’s coming and what it’s good for The enterprise mode of WPA has always allowed you to give each user a unique username/password to login to the Wi-Fi or to utilize unique digital certificates for each user to install on devices for even more security. Now with WPA3-Enterprise, the security is increased as clients are now required to make sure it’s communicating with the real authentication server before sending login credentials. That verification was optional with the earlier two versions of WPA.To read this article in full, please click here