The landscape of email security is constantly changing. One aspect that remains consistent is the reliance on email as the starting point for the majority of threat campaigns. Attackers often start with a phishing campaign to gather employee credentials which, if successful, are used to exfiltrate data, siphon money, or perform other malicious activities. This threat remains ever present even as companies move their email to the cloud using providers like Microsoft 365 or Google Workspace.
In our pursuit to help build a better Internet and tackle online threats, Cloudflare offers email security via our Area 1 product to protect all types of email inboxes - from cloud to on premise. The Area 1 product analyzes every email an organization receives and uses our threat models to assess if the message poses risk to the customer. For messages that are deemed malicious, the Area 1 platform will even prevent the email from landing in the recipient's inbox, ensuring that there is no chance for the attempted attack to be successful.
We try to provide customers with the flexibility to deploy our solution in whatever way they find easiest. Continuing in this pursuit to make our solution as turnkey as…
Today, we’re sharing the release of two new SaaS integrations for Cloudflare CASB - Salesforce and Box - in order to help CIOs, IT leaders, and security admins swiftly identify looming security issues present across the exact type of tools housing this business-critical data.
Released in September, Cloudflare’s API CASB has already proven to organizations from around the world that security risks - like insecure settings and inappropriate file sharing - can often exist across the friendly SaaS apps we all know and love, and indeed pose a threat. By giving operators a comprehensive view of the issues plaguing their SaaS environments, Cloudflare CASB has allowed them to effortlessly remediate problems in a timely manner before they can be leveraged against them.
But as both we and other forward-thinking administrators have come to realize, it’s not always Microsoft 365, Google Workspace, and business chat tools like Slack that contain an organization’s most sensitive information.
The first Software-as-a-Service. Salesforce, the sprawling, intricate, hard-to-contain Customer Relationship Management (CRM) platform, gives workforces a flexible hub from which they can do just as the software describes: manage customer relationships. Whether it be tracking…
As CIOs navigate the complexities of stitching together multiple solutions, we are extending our partnership with Microsoft to create one of the best Zero Trust solutions available. Today, we are announcing four new integrations between Azure AD and Cloudflare Zero Trust that reduce risk proactively. These integrated offerings increase automation allowing security teams to focus on threats versus implementation and maintenance.
Zero Trust is an overused term in the industry and creates a lot of confusion. So, let's break it down. Zero Trust architecture emphasizes the “never trust, always verify” approach. One way to think about it is that in the traditional security perimeter or “castle and moat” model, you have access to all the rooms inside the building (e.g., apps) simply by having access to the main door (e.g., typically a VPN). In the Zero Trust model you would need to obtain access to each locked room (or app) individually rather than only relying on access through the main door. Some key components of the Zero Trust model are identity e.g., Azure AD (who), apps e.g., a SAP instance or a custom…
One of my readers successfully deployed LDPv6 in their production network:
We are using LDPv6 since we started using MPLS with IPv6 because I was used to OSPF/OSPFv3 in dual-stack deployments, and it simply worked.
Not everyone seems to be sharing his enthusiasm:
Now some consultants tell me that they know no-one else that is using LDPv6. According to them “everyone” is using 6PE and the future of LDPv6 is not certain.
https://codingpackets.com/blog/proxmox-vm-bridge-port-mirror
A colleague of mine recently quipped, "'The perimeter' in AWS is actually defined by Identity and Access Management (IAM)." After some reflection, I think my colleague is spot on.
Happy new year, and welcome to the first edition of “Ask JJX.” I had a few questions to pick from (and I’ll try to work through as many as I can) but this inquiry quite literally made me laugh out loud. “Your book is really long. Can I just use ChatGPT to learn about wireless […]
The post Ask JJX: Can ChatGPT Teach Me Wireless Security? appeared first on Packet Pushers.
Cloud computing and the use of cloud native architectures enable unparalleled performance, flexibility, and velocity. The speed of innovation has driven significant advancements across industries, but as digitalization continues pushing applications and services to the cloud, bad actors’ intrusion techniques have also become more sophisticated. The burgeoning threat landscape is top of mind for enterprise and midmarket business and security leaders, and should lead their decision-making—from the right solutions to implement, to the right partners to engage.
Economic conditions tightening and macroeconomic forces will continue introducing challenges in the coming year, but businesses that sustainably provide value to their customers and make security a foundational aspect of their organization will thrive.
Here are some trends I anticipate for 2023:
While the last few years were dominated by early adopters who thrive in the technical playgrounds of emerging technologies, 2023 will see the ‘early majority’ of mainstream users begin adopting cloud-native architectures as the market reaches an inflection point. This inflection is driven by the accelerating accessibility and usability of the tools and technologies available, as the early majority prioritizes platforms that work easily over those with advanced functions that they likely won’t use.
IT security is broken. Vendors ship insecure products, customers have to bolt on and then operate more and more security products, compliance and regulatory requirements don't necessarily make things safer, and getting business done always takes priority over securing systems and data. On today's Day Two Cloud podcast, guest Mick Douglas shares ideas on how to make security less excruciating and more effective.
The post Day Two Cloud 177: IT Security Is Broken; Here’s Ideas On How To Fix It appeared first on Packet Pushers.
Before moving to the Virtual Filtering Platform (VFP) and Accelerated Networking (AccelNet) section, let’s look at the guest OS vNIC interface architecture. When we create a VM, Azure automatically attaches a virtual NIC (vNIC) to it. Each vNIC has a synthetic interface, a VMbus device, using a netvsc driver. If Accelerated Networking (AccelNet) is disabled on a VM, all traffic flows pass over the synthetic interface to the software switch. Azure host servers have Mellanox/NVIDIA Single Root I/O Virtualization (SR-IOV) hardware NICs, which offer virtual instances, Virtual Functions (VFs), to virtual machines. When we enable AccelNet on a VM, the mlx driver is installed on the vNIC. The mlx driver version depends on the SR-IOV type. The mlx driver on a vNIC initializes a new interface that connects the vNIC to an embedded switch on the SR-IOV hardware. This VF interface is then associated with the netvsc interface. Both interfaces use the same MAC address, but the IP address is only associated with the synthetic interface. When AccelNet is enabled, the VM’s vNIC forwards VM data flows over the VF interface via the synthetic interface. This architecture allows In-Service Software Updates (ISSU) for SR-IOV NIC drivers.
Note! Exception traffic, a data flow with no flow entries on a UFT/GFT, is forwarded through VFP in order to create flow-action entries to UFT/GFT.
Figure 1-1: Azure Host-Based SDN Building Blocks.