Multi-site with Cross-VC NSX and Palo Alto Networks Security

In a prior post, Multi-site with Cross-VC NSX: Consistent Security and Micro-segmentation Across Sites, we discussed how Cross-VC NSX provides micro-segmentation and consistent security across multiple sites. We looked at five reasons to seriously consider Cross-VC NSX for a multi-site solution in terms of security alone: centralized management, consistent security across vCenter domains/sites, security policies follow the workload(s), ease of security automation across vCenter domains/sites, and enhanced disaster recovery use case. In this post, we’ll discuss how advanced third party security services can also be leveraged in a Cross-VC NSX environment. 

Prior Cross-VC NSX Blogs:
Multi-site with Cross-VC NSX: Consistent Security and Micro-segmentation Across Sites
Cross-VC NSX: Multi-site Deployments with Ease and Flexibility
NSX-V: Multi-site Options and Cross-VC NSX Design Guide
Enhanced Disaster Recovery with Cross-VC NSX and SRM
Cross-VC NSX for Multi-site Solutions

NSX provides a solid platform for security in general: inherent isolation via logical networks, micro-segmentation via distributed firewall, edge firewall capabilities, third party guest introspection services, third party network introspection services, and a robust security policy orchestration and automation framework.

With Cross-VC NSX, micro-segmentation and consistent security policies for workloads expands beyond a single vCenter boundary. Typically, customers who have multiple sites also have multiple vCenters – at least one vCenter Continue reading

IDG Contributor Network: Mobile IoT provider applies military techniques to improve IoT resiliency

The military knows how to operate in chaotic situations.Where should resources be deployed? How should isolated platoons be managed? How should field units and central command coordinate activities when communication lines are broken? How can communications be secured? How can systems be made more resilient?  Many military techniques can be adpated to enhance IoT resiliency.Lessons from the Art of War Military communications or “comms" are activities, equipment and tactics the military uses on the battlefield. They include measurement systems, cryptography and robust communication channels. Military doctrine combines centralized intent with decentralized execution. Four key design principles are applied:To read this article in full or to leave a comment, please click here

SIEM Market Dynamics in Play

When I started focusing on the security market 14 years ago, the SIEM market was burgeoning market populated by vendors such as CA, e-Security, Intellitactics, and NetForensics. In the intervening timeframe, the SIEM market has grown, thrived, and changed every few years.  SIEM started as a central repository for event correlation for perimeter security devices.  It then morphed into a reporting engine for governance and compliance.  In a subsequent phase, SIEM became more of a query and log management tools for security analysts. Fast forward to 2016 and SIEM has taken on a much bigger scope – an enterprise software platform that anchors security operations centers (SOCs).  In this role, SIEM platforms can also include:To read this article in full or to leave a comment, please click here

SIEM market dynamics in play

When I started focusing on the security market 14 years ago, the security information and event management (SIEM) market was a burgeoning market populated by vendors such as CA, e-Security, Intellitactics and NetForensics. In the intervening timeframe, the SIEM market has grown, thrived and changed every few years. SIEM started as a central repository for event correlation for perimeter security devices. It then morphed into a reporting engine for governance and compliance. In a subsequent phase, SIEM became more of a query and log management tool for security analysts. Fast forward to 2016, and SIEM has taken on a much bigger scope—an enterprise software platform that anchors security operations centers (SOCs). In this role, SIEM platforms can also include:To read this article in full or to leave a comment, please click here

Worth Reading: Long secret Stingray manuals detail phone spying

Harris Corp’s Stingray surveillance device has been one of the most closely guarded secrets in law enforcement for more than 15 years. The company and its police clients across the United States have fought to keep information about the mobile phone-monitoring boxes from the public against which they are used. The Intercept has obtained several Harris instruction manuals spanning roughly 200 pages and meticulously detailing how to create a cellular surveillance dragnet. —The Intercept

The post Worth Reading: Long secret Stingray manuals detail phone spying appeared first on 'net work.

Researchers demonstrate remote attack against Tesla Model S

Tesla Motors is considered one of the most cybersecurity-conscious car manufacturers in the world -- among other things, it has a bug bounty program. But that doesn't mean the software in its cars is free of security flaws.Researchers from Chinese technology company Tencent found a series of vulnerabilities that, when combined, allowed them to remotely take over a Tesla Model S car and control its sunroof, central display, door locks and even the breaking system. The attack allowed the researchers to access the car’s controller area network (CAN) bus, which lets the vehicle’s specialized computers communicate with each other."As far as we know, this is the first case of remote attack which compromises CAN Bus to achieve remote controls on Tesla cars," the researchers from Tencent's Keen Security Lab said in a blog post Monday. "We have verified the attack vector on multiple varieties of Tesla Model S. It is reasonable to assume that other Tesla models are affected."To read this article in full or to leave a comment, please click here

Researchers demonstrate remote attack against Tesla Model S

Tesla Motors is considered one of the most cybersecurity-conscious car manufacturers in the world -- among other things, it has a bug bounty program. But that doesn't mean the software in its cars is free of security flaws.Researchers from Chinese technology company Tencent found a series of vulnerabilities that, when combined, allowed them to remotely take over a Tesla Model S car and control its sunroof, central display, door locks and even the breaking system. The attack allowed the researchers to access the car’s controller area network (CAN) bus, which lets the vehicle’s specialized computers communicate with each other."As far as we know, this is the first case of remote attack which compromises CAN Bus to achieve remote controls on Tesla cars," the researchers from Tencent's Keen Security Lab said in a blog post Monday. "We have verified the attack vector on multiple varieties of Tesla Model S. It is reasonable to assume that other Tesla models are affected."To read this article in full or to leave a comment, please click here

IDG Contributor Network: EU will offer free Wi-Fi in villages and towns

If you’re in the Wi-Fi network installation business in Europe, you might be about to get extremely busy. The head of the politico-economic union said its member states will be investing dramatically in Wi-Fi connectivity. The reason: to “empower” its subjects.“Every European village and every city” will be equipped with a total of an equivalent of 134 million dollars-worth of non-payment, free wireless Internet by 2020.” The installs will occur around the “main centers of public life,” Jean-Claude Juncker, president of the European Union’s executive body, said in a state of the union address a few days ago.To read this article in full or to leave a comment, please click here

Triple-helix touted for tech growth

Jyväskylä, Finland -- The 11th European Conference on Innovation and Entrepreneurship was held last week at this picturesque university town in the central Finnish “Lake District.”Stanford University’s Henry Etzkovitz gave the opening keynote on “Triple Helix Innovation in a Crisis.”Etzkovitz originated the concept of “Triple Helix,” for the combined efforts of government, industry, and academia in regional economic development. He declared that in the knowledge era, the academic strand of the helix is the critical component.Cities and regions who deploy their academic resources wisely will prosper most in an era of global economic turmoil. “The entrepreneurial university” in particular can drive innovation because of its continuous waves of students, who can work on faculty-directed projects that do not have to meet direct economic goals, as corporations do.To read this article in full or to leave a comment, please click here

59% off Panasonic ErgoFit In-Ear Comfort Fit Noise Isolating Earbuds – Deal Alert

If you believe the reviewers on Amazon, you may not find a better sounding pair of earbuds at this price point, which at the current 59% discount is just $11.99. The ErgoFit earbuds from Panasonic are designed to fit comfortably and securely in your ear, isolating outside noise while delivering great sound with a wider frequency range than most comparable buds. The earbuds come in various colors and features a generous 3.6 ft. cord that easily fits through or around your clothes, coats and bags. The ErgoFit earbuds average 4.5 stars from nearly 36,000 people on Amazon (read reviews) which lends some credibility to Panasonic's claim that the earbuds deliver dynamic, crystal clear sound while successfully blocking ambient noise. Its typical list price of $29 has been reduced 59% to just $11.99.To read this article in full or to leave a comment, please click here

61% off Panasonic ErgoFit In-Ear Comfort Fit Noise Isolating Earbuds – Deal Alert

If you believe the reviewers on Amazon, you may not find a better sounding pair of earbuds at this price point, which at the current 61% discount is just $11.24. The ErgoFit earbuds from Panasonic are designed to fit comfortably and securely in your ear, isolating outside noise while delivering great sound with a wider frequency range than most comparable buds. The earbuds come in various colors and features a generous 3.6 ft. cord that easily fits through or around your clothes, coats and bags. The ErgoFit earbuds average 4.5 stars from nearly 36,000 people on Amazon (read reviews) which lends some credibility to Panasonic's claim that the earbuds deliver dynamic, crystal clear sound while successfully blocking ambient noise. Its typical list price of $29 has been reduced 61% to just $11.24.To read this article in full or to leave a comment, please click here

Figuring out the screwy smartphone pricing on Glyde

With the release of the iPhone 7, I was hoping to get a bargain on the iPhone 6 Plus. There was nothing in the 6S that appealed to me, and the 6 would be cheaper. So, I checked out the iPhone offerings on Glyde, where I have done business before to my satisfaction. As of last Wednesday, an iPhone 6 Plus, 16GB, on AT&T was $374. I decided to wait for a price drop. Two days later, the price fell remarkably to $311. Well, that's going in the right direction. I decided to wait for more changes. The next day, last Saturday, the price spiked to $455. That's definitely going in the wrong direction.To read this article in full or to leave a comment, please click here

Masergy Resells Silver Peak’s SD-WAN

UK’s Interoute will also resell Silver Peak’s SD-WAN.

Researchers remotely hack Tesla Model S while it is being driven

Chinese researchers from Keen Security Lab of Tencent announced that they could chain multiple vulnerabilities together which allowed them to remotely hack the Tesla Model S P85 and 75D from as far as 12 miles away.The researchers said: As far as we know, this is the first case of remote attack which compromises CAN Bus to achieve remote controls on Tesla cars. We have verified the attack vector on multiple varieties of Tesla Model S. It is reasonable to assume that other Tesla models are affected.To read this article in full or to leave a comment, please click here

Researchers remotely hack Tesla Model S while it is being driven

Chinese researchers from Keen Security Lab of Tencent announced that they could chain multiple vulnerabilities together, which allowed them to remotely hack the Tesla Model S P85 and 75D from as far as 12 miles away.The researchers said: As far as we know, this is the first case of remote attack which compromises CAN Bus to achieve remote controls on Tesla cars. We have verified the attack vector on multiple varieties of Tesla Model S. It is reasonable to assume that other Tesla models are affected.To read this article in full or to leave a comment, please click here

Blue Medora’s SaaS Combines Database and Cloud Infrastructure Monitoring

One of the few companies that monitors virtualized databases.

In Chicago on October 26? Come think about SD-WAN with me.

On October 26, 2016 at 5:30p, I’m speaking to a couple of Chicago-based MeetUp groups banding together to hear me discuss implementing SD-WAN. Sign up here. Or here.

The talk will be held at Cisco Systems Building – SkylineATS, 9501 Technology Blvd. 3rd Floor, Rosemont, IL.

This SD-WAN discussion is aimed at network engineers and other technologists who need to understand and recommend technology solutions for their organizations, as well as those who need to make the silly things vendors sell us actually work.

My goal is to make sure you’ve got plenty to think about as you explore SD-WAN. The talk will take away some of the, “You don’t know what you don’t know.”

I’ll cover the following.

• An overview of what SD-WAN really is.
• Integrating WAN optimization and SD-WAN.
• Managing existing private WAN contracts.
• Managing your own internal SLAs.
• Relating SD-WAN to XaaS you might be using.
• Considerations for multi-tenant environments.
• Handling deep packet inspection requirements.
• Leveraging TDM and other non-Ethernet circuits.
• Bandwidth scaling.
• WAN circuit design recommendations.
• Integration with your existing routing domain.
• A list of SD-WAN vendors & their products.

I hope to see you there.

Introducing TLS 1.3

CloudFlare is turbocharging the encrypted internet

The encrypted Internet is about to become a whole lot snappier. When it comes to browsing, we’ve been driving around in a beat-up car from the 90s for a while. Little does anyone know, we’re all about to trade in our station wagons for a smoking new sports car. The reason for this speed boost is TLS 1.3, a new encryption protocol that improves both speed and security for Internet users everywhere. As of today, TLS 1.3 is available to all CloudFlare customers.

The Encrypted Internet

Many of the major web properties you visit are encrypted, which is indicated by the padlock icon and the presence of “https” instead of “http” in the address bar. The “s” stands for secure. When you connect to an HTTPS site, the communication between you and the website is encrypted, which makes browsing the web dramatically more secure, protecting your communication from prying eyes and the injection of malicious code. HTTPS is not only used by websites, it also secures the majority of APIs and mobile application backends.

The underlying technology that enables secure communication on the Internet is a protocol called Transport Layer Security (TLS). Continue reading

Encryption Week

Since CloudFlare’s inception, we have worked tirelessly to make encryption as simple and as accessible as possible. Over the last two years, we’ve made CloudFlare the easiest way to enable encryption for web properties and internet services. From the launch of Universal SSL, which gives HTTPS to millions of sites for free, to the Origin CA, which helps customers encrypt their origin servers, to the “No Browser Left Behind” initiative, which ensures that the encrypted Internet is available to everyone, CloudFlare has pushed to make Internet encryption better and more widespread.

This week we are introducing three features that will dramatically increase both the quality and the quantity of encryption on the Internet. We are are happy to introduce TLS 1.3, Automatic HTTPS Rewrites, and Opportunistic Encryption throughout this week. We consider strong encryption to be a right and fundamental to the growth of the Internet, so we’re making all three of these features available to all customers for free.

Every day this week there will be new technical content on this blog about these features. We're calling it Encryption Week.

TLS 1.3: Faster and more secure

HTTPS is the standard for web Continue reading

Obama administration rolls out policy for self-driving vehicles

The administration of U.S. President Barack Obama on Monday released an overview of the federal government's automated vehicles policy, which includes a checklist for makers on various aspects of the cars they are developing, as well as guidelines to states on evolving a common framework for regulating the new technologies.“Automated vehicles have the potential to save tens of thousands of lives each year,” wrote Obama in an op-ed in the Pittsburgh Post-Gazette on Monday. “Safer, more accessible driving. Less congested, less polluted roads. That’s what harnessing technology for good can look like. But we have to get it right,” he added.To read this article in full or to leave a comment, please click here