It’s been 17 years and counting since Nemertes first wrote about the logic of integrating event response in the enterprise: bringing together the security operations center (SOC) and network operations center (NOC) at the organizational, operational, and technological levels. Needless to say, this has not happened at most organizations, although there has been a promising trend toward convergence in the monitoring and data management side of things. It’s worth revisiting the issue.
Why converge?
The arguments for convergence remain pretty compelling:
Both the NOC and SOC are focused on keeping an eye on the systems and services comprising the IT environment; spotting and understanding anomalies; and spotting and responding to events and incidents that could affect or are affecting services to the business.
Both are focused on minimizing the effects of events and incidents on the business.
The streams of data they watch overlap hugely.
They often use the same systems (e.g. Splunk) in managing and exploring that data.
Both are focused on root-cause analysis based on those data streams.
Both adopt a tiered response approach, with first-line responders for “business as usual” operations and occurrences, and anywhere from one to three tiers of escalation to more senior engineers,
IBM is developing a SaaS package to help enterprises securely network heterogeneous environments, including edge, on-prem and multicloud resources. The IBM Hybrid Cloud Mesh is a SaaS service that implements a virtualized Layer 3-7 environment to rapidly enable secure connectivity between users, applications, and data distributed across multiple locations and environments, according to Andrew Coward, general manager of IBM’s software defined networking group. In a nutshell, Hybrid Cloud Mesh deploys gateways within the clouds – including on-premises, AWS or other providers’ clouds, and transit points, if needed – to support the infrastructure, and then it builds a secure Layer 3-7 mesh overlay to deliver applications, Coward said. At the application level, the exposure to developers occurs at Layer 7, and the networking teams see Layer 3 and 4 activities, Coward said.
Cisco is more tightly integrating its network- and application-intelligence tools in an effort to help customers quickly diagnose and remediate performance problems. An upgrade to Cisco's Digital Experience Monitoring (DEM) platform melds the vendor’s AppDynamics application observability capabilities and ThousandEyes network intelligence with a bi-directional, OpenTelemetry-based integration package. The goal with DEM is to get business, infrastructure, networking, security operations, and DevSecOps teams working together more effectively to find the root cause of a problem and quickly address the issue, said Carlos Pereira, Cisco Fellow and chief architect in its Strategy, Incubation & Applications group.
Ransomware protection for on-premises systems and hyperconverged infrastructure is the goal of the latest release from “smart infrastructure” vendor Nebulon.
Cisco today announced a new finance program that encourages customers to buy products and services now without having to start paying for them till 2024. Specifically, the Cisco Capital Business Acceleration Program will let customers purchase Cisco products before July 29, 2023, and defer all payments until 2024. Payments deferred until 2024 would be based on the total amount financed and contract terms, the vendor stated. Another flexible payment option is available for its partners to let their customers buy Cisco technology today and pay later, the vendor said in a statement. The entirety of Cisco’s portfolio is eligible for the program, including hardware, software, and services, as well as select partner services and third-party hardware. In addition, the Cisco Refresh portfolio of Cisco certified remanufactured products is also eligible for organizations that want to acquire used gear, the vendor stated.
Amazon Web Services has launched a service that secures user access to its cloud applications without requiring a VPN. AWS Verified Access, which the company previewed last November, validates every application request using Zero Trust principles before granting access to applications. Since AWS previewed the networking service, it has added two new features: AWS Web Application Firewall (WAF) and the ability to pass signed identity context to customers’ application endpoints.
Security, AI, and network-as-a-service (NaaS) were top of mind for Aruba Networks execs at their Atmosphere customer conference this week. “Ten years ago for most network operators their main job was making sure connectivity was reliable and security was someone else’s problem. It was outside their perimeter,” said David Hughes, senior vice president, chief product and technology officer with Aruba. “But today all perimeters have dissolved and the network has expanded.” “The networking team is now responsible for making sure connectivity is secure from the start. Bolting it on somewhere won’t cut it anymore, it needs to be built into the network,” Hughes said.
Here's bad news: It's easy to buy used enterprise routers that haven’t been decommissioned properly and that still contain data about the organizations they were once connected to, including IPsec credentials, application lists, and cryptographic keys. “This leaves critical and sensitive configuration data from the original owner or operator accessible to the purchaser and open to abuse,” according to a white paper by Cameron Camp, security researcher, and Tony Anscombe, chief security evangelist, for security firm Eset (See: Discarded, not destroyed: Old routers reveal corporate secrets).
Arista Networks has rolled out a SaaS-based service aimed at helping enterprises manage network access control (NAC) more easily. The service, called CloudVision Guardian for Network Identity (CV-AGNI), uses real-time telemetry from Arista’s network products, combines it with data from its CloudVision management platform, and uses artificial intelligence to evaluate the information and implement security policies. The service can also onboard new devices, authenticate existing users, segment devices on the network, or help troubleshoot problems from a cloud-based system, according to Pramod Badjate, group vice president and general manager of Arista’s Cognitive Campus group.
Cisco is taking its first major step into Extended Detection and Response (XDR) with a SaaS-delivered integrated system of endpoint, network, firewall, email and identity software aimed at protecting enterprise resources. Cisco’s XDR service, which will be available in July, brings together myriad Cisco and third-party security products to control network access, analyze incidents, remediate threats, and automate response, all from a single cloud-based interface. The offering gathers six telemetry sources that Security Operations Center (SOC) operators say are critical for an XDR solution: endpoint, network, firewall, email, identity, and DNS, Cisco stated.
Cisco’s Talos security intelligence group issued a warning today about an uptick in highly sophisticated attacks on network infrastructure including routers and firewalls. The Cisco warning piggybacks on a similar joint warning issued today by the UK National Cyber Security Centre (NCSC), the US National Security Agency (NSA), the US Cybersecurity and Infrastructure Security Agency (CISA) and the US Federal Bureau of Investigation (FBI) that noted an uptick in threats in part utilizing an exploit that first came to light in 2017. That exploit targeted an SNMP vulnerability in Cisco routers that the vendor patched in 2017.
The upcoming cloud system will provide an added layer of network and data handling security for companies working on national security and defense projects and collaborating through the Webex app.
Data backup and management company Cohesity today announced plans to offer an Azure OpenAI-backed chatbot as both a security analysis tool and line-of-business assistant, along with tighter integration with Active Directory, Sentinel and Purview, as part of an expanded partnership with Microsoft.
The transition from software-defined WAN (SD-WAN) to secure access service edge (SASE) is proving to be difficult for many enterprises, according to new research from Enterprise Management Associates (EMA). If you’re a network or security professional, you’re probably familiar with SASE, a new class of solutions that integrates SD-WAN, secure remote access, and cloud-delivered, multi-function network security. Many enterprises are now evolving their SD-WAN implementations into a SASE solution, either by adopting their SD-WAN providers’ SASE capabilities or integrating their SD-WAN with third-party, cloud-based network security solutions.
Tighter integration between Fortinet's SASE and SD-WAN offerings is among the new features enabled by the latest version of the company's core operating system. FortiOS version 7.4 also includes better automation across its Security Fabric environment, and improved management features. FortiOS is the operating system for the FortiGate family of hardware and virtual components, and it implements Fortinet Security Fabric and includes firewalling, access control, Zero Trust, and authentication in addition to managing SD-WAN, switching, and wireless services.
Kyndryl, the managed IT services provider that spun out of IBM, has announced layoffs that could affect its own internal IT services. “We are eliminating some roles globally — a small percentage — to become more efficient and competitive,” said a Kyndryl spokesperson, without giving the exact number of employees affected by the layoffs. “These actions will enable us to focus our investments in areas that directly benefit our customers and position Kyndryl for profitable growth,” the spokesperson said, adding that the company was in the process of undergoing transformation to streamline and simplify its processes and systems. Bloomberg first reported the layoffs.
The company’s marketing vendor suffered a security failure in January and exposed CPNI data that included first names, wireless account numbers, wireless phone numbers, and email addresses.