Archive

Category Archives for "Networking"

Announcing SCIM support for Cloudflare Access & Gateway

Announcing SCIM support for Cloudflare Access & Gateway
Announcing SCIM support for Cloudflare Access & Gateway

Today, we're excited to announce that Cloudflare Access and Gateway now support the System for Cross-domain Identity Management (SCIM) protocol. Before we dive into what this means, let's take a step back and review what SCIM, Access, and Gateway are.

SCIM is a protocol that enables organizations to manage user identities and access to resources across multiple systems and domains. It is often used to automate the process of creating, updating, and deleting user accounts and permissions, and to keep these accounts and permissions in sync across different systems.

Announcing SCIM support for Cloudflare Access & Gateway

For example, most organizations have an identity provider, such as Okta or Azure Active Directory, that stores information about its employees, such as names, addresses, and job titles. The organization also likely uses cloud-based applications for collaboration. In order to access the cloud-based application, employees need to create an account and log in with a username and password. Instead of manually creating and managing these accounts, the organization can use SCIM to automate the process. Both the on-premise system and the cloud-based application are configured to support SCIM.

When a new employee is added to, or removed from, the identity provider, SCIM automatically creates an account for that employee in the Continue reading

Zone Versioning is now generally available

Zone Versioning is now generally available
Zone Versioning is now generally available

Today we are announcing the general availability of Zone Versioning for enterprise customers. Zone Versioning allows you to safely manage zone configuration by versioning changes and choosing how and when to deploy those changes to defined environments of traffic. Previously announced as HTTP Applications, we have redesigned the experience based on testing and feedback to provide a seamless experience for customers looking to safely rollout configuration changes.

Problems with making configuration changes

There are two problems we have heard from customers that Zone Versioning aims to solve:

  1. How do I test changes to my zone safely?
  2. If I do end up making a change that impacts my traffic negatively, how can I quickly revert that change?

Customers have worked out various ways of solving these problems. For problem #1, customers will create staging zones that live on a different hostname, often taking the form staging.example.com, that they make changes on first to ensure that those changes will work when deployed to their production zone. When making more than one change this can become troublesome as they now need to keep track of all the changes made to make the exact same set of changes on the Continue reading

API-based email scanning

API-based email scanning
API-based email scanning

The landscape of email security is constantly changing. One aspect that remains consistent is the reliance of email as the beginning for the majority of threat campaigns. Attackers often start with a phishing campaign to gather employee credentials which, if successful, are used to exfiltrate data, siphon money, or perform other malicious activities. This threat remains ever present even as companies transition to moving their email to the cloud using providers like Microsoft 365 or Google Workspace.

In our pursuit to help build a better Internet and tackle online threats, Cloudflare offers email security via our Area 1 product to protect all types of email inboxes - from cloud to on premise. The Area 1 product analyzes every email an organization receives and uses our threat models to assess if the message poses risk to the customer. For messages that are deemed malicious, the Area 1 platform will even prevent the email from landing in the recipient's inbox, ensuring that there is no chance for the attempted attack to be successful.

We try to provide customers with the flexibility to deploy our solution in whatever way they find easiest. Continuing in this pursuit to make our solution as turnkey as Continue reading

New: Scan Salesforce and Box for security issues

New: Scan Salesforce and Box for security issues
New: Scan Salesforce and Box for security issues

Today, we’re sharing the release of two new SaaS integrations for Cloudflare CASB - Salesforce and Box - in order to help CIOs, IT leaders, and security admins swiftly identify looming security issues present across the exact type of tools housing this business-critical data.

Recap: What is Cloudflare CASB?

Released in September, Cloudflare’s API CASB has already proven to organizations from around the world that security risks - like insecure settings and inappropriate file sharing - can often exist across the friendly SaaS apps we all know and love, and indeed pose a threat. By giving operators a comprehensive view of the issues plaguing their SaaS environments, Cloudflare CASB has allowed them to effortlessly remediate problems in a timely manner before they can be leveraged against them.

But as both we and other forward-thinking administrators have come to realize, it’s not always Microsoft 365, Google Workspace, and business chat tools like Slack that contain an organization’s most sensitive information.

Scan Salesforce with Cloudflare CASB

The first Software-as-a-Service. Salesforce, the sprawling, intricate, hard-to-contain Customer Relationship Management (CRM) platform, gives workforces a flexible hub from which they can do just as the software describes: manage customer relationships. Whether it be tracking Continue reading

Expanding our Microsoft collaboration: proactive and automated Zero Trust security for customers

Expanding our Microsoft collaboration: proactive and automated Zero Trust security for customers
Expanding our Microsoft collaboration: proactive and automated Zero Trust security for customers

As CIOs navigate the complexities of stitching together multiple solutions, we are extending our partnership with Microsoft to create one of the best Zero Trust solutions available. Today, we are announcing four new integrations between Azure AD and Cloudflare Zero Trust that reduce risk proactively. These integrated offerings increase automation allowing security teams to focus on threats versus implementation and maintenance.

What is Zero Trust and why is it important?

Zero Trust is an overused term in the industry and creates a lot of confusion. So, let's break it down. Zero Trust architecture emphasizes the “never trust, always verify” approach. One way to think about it is that in the traditional security perimeter or “castle and moat” model, you have access to all the rooms inside the building (e.g., apps) simply by having access to the main door (e.g., typically a VPN).  In the Zero Trust model you would need to obtain access to each locked room (or app) individually rather than only relying on access through the main door. Some key components of the Zero Trust model are identity e.g., Azure AD (who), apps e.g., a SAP instance or a custom Continue reading

8 hot networking technologies for 2023

Despite the challenges posed by economic turmoil, epidemics, and political upheaval, network researchers are continuing to blaze new trails in innovation, performance, management, and security. In sum, 2023 is shaping up as a year of network evolution and transformation.Here are eight network technologies you will want to pay particularly close attention to.1. Unified SASE: Addresses hybrid workforce, hybrid clouds Unified Secure Access Service Edge (SASE) tightly integrates security and networking into a single platform. The technology uses a single-pass scanning architecture combined with a unified policy that's configured via a unified console that draws from a unified data lake. "This is significant for organizations to continue to provide a consistent and assured user experience while protecting users, devices, sites, and data amid the rapidly evolving dynamics coming in 2023," says Kelly Ahuja, CEO of networking and cybersecurity firm Versa Networks.To read this article in full, please click here

8 hot networking technologies for 2023

Despite the challenges posed by economic turmoil, epidemics, and political upheaval, network researchers are continuing to blaze new trails in innovation, performance, management, and security. In sum, 2023 is shaping up as a year of network evolution and transformation.Here are eight network technologies you will want to pay particularly close attention to.1. Unified SASE: Addresses hybrid workforce, hybrid clouds Unified Secure Access Service Edge (SASE) tightly integrates security and networking into a single platform. The technology uses a single-pass scanning architecture combined with a unified policy that's configured via a unified console that draws from a unified data lake. "This is significant for organizations to continue to provide a consistent and assured user experience while protecting users, devices, sites, and data amid the rapidly evolving dynamics coming in 2023," says Kelly Ahuja, CEO of networking and cybersecurity firm Versa Networks.To read this article in full, please click here

State of LDPv6 and 6PE

One of my readers successfully deployed LDPv6 in their production network:

We are using LDPv6 since we started using MPLS with IPv6 because I was used to OSPF/OSPFv3 in dual-stack deployments, and it simply worked.

Not everyone seems to be sharing his enthusiasm:

Now some consultants tell me that they know no-one else that is using LDPv6. According to them “everyone” is using 6PE and the future of LDPv6 is not certain.

State of LDPv6 and 6PE

One of my readers successfully deployed LDPv6 in their production network:

We are using LDPv6 since we started using MPLS with IPv6 because I was used to OSPF/OSPFv3 in dual-stack deployments, and it simply worked.

Not everyone seems to be sharing his enthusiasm:

Now some consultants tell me that they know no-one else that is using LDPv6. According to them “everyone” is using 6PE and the future of LDPv6 is not certain.

Nvidia, others promise to use new Intel Xeon processors

Intel has formally introduces its 4th Gen Intel Xeon Scalable Processors (aka Sapphire Rapids) and the Intel Max Series CPUs and GPUs, which isn’t much of a secret as we have documented the processors here already, but there are a few new features to go along with them.Those new features include a virtual machine (VM) isolation solution and an independent trust verification service to help build what it calls the “industry’s most comprehensive confidential computing portfolio.”  To read this article in full, please click here

Nvidia, others promise to use new Intel Xeon processors

Intel has formally introduces its 4th Gen Intel Xeon Scalable Processors (aka Sapphire Rapids) and the Intel Max Series CPUs and GPUs, which isn’t much of a secret as we have documented the processors here already, but there are a few new features to go along with them.Those new features include a virtual machine (VM) isolation solution and an independent trust verification service to help build what it calls the “industry’s most comprehensive confidential computing portfolio.”  To read this article in full, please click here

Tigera 2023 predictions: Cloud native security and the shifting landscape in 2023

Cloud computing and the use of cloud native architectures enable unparalleled performance, flexibility, and velocity. The speed of innovation has driven significant advancements across industries, but as digitalization continues pushing applications and services to the cloud, bad actors’ intrusion techniques have also become more sophisticated. The burgeoning threat landscape is top of mind for enterprise and midmarket business and security leaders, and should lead their decision-making—from the right solutions to implement, to the right partners to engage.

Economic conditions tightening and macroeconomic forces will continue introducing challenges in the coming year, but businesses that sustainably provide value to their customers and make security a foundational aspect of their organization will thrive.

Here are some trends I anticipate for 2023:

Cloud-native inflection point

While the last few years were dominated by early adopters who thrive in the technical playgrounds of emerging technologies, 2023 will see the ‘early majority’ of mainstream users begin adopting cloud-native architectures as the market reaches an inflection point. This inflection is driven by the accelerating accessibility and usability of the tools and technologies available, as the early majority prioritizes platforms that work easily over those with advanced functions that they likely won’t use.

“Shift left” has become Continue reading