Hello EVERYONE I’m back! Let me share a random “update from the FIshBowl”. 🙂 So many things I have been working on and doing that I am just beyond excited to share. So expect lots of upcoming blogs and YouTube... Read More ›
The post Update From the FishBowl appeared first on Networking with FISH.
This second blog on Cumulus looks at basic layer2 functionality in Cumulus Linux.
We’re pleased to announce another close collaboration between NSX-T 3.2, vRealize Network Insight Cloud, and vRealize Network Insight 6.4 in this latest release. As enterprises strive for the latest in cloud networking, the network management piece combines the end-user experience, applications, and technology to provide the visibility needed to ensure applications are consistently performing and secure. As we know, broad network observability is a critical step in securing the infrastructure.
vRealize Network Insight Cloud is available as a SaaS or on-premises solution for end-to-end network visibility, troubleshooting, and analytics. It works closely with NSX-T 3.2. vRealize Network Insight Cloud also helps optimize multi-cloud network performance with troubleshooting capabilities for applications, virtual machines, physical servers, or Kubernetes.
Customers use NSX Federation to scale across different locations globally, making it easier to create hierarchies and dramatically simplifying management. vRealize Network Insight Cloud now supports network visibility for NSX Federation. This new feature will enable customers to leverage views across multiple NSX-T data centers at the global, regional, and local site levels. Several new cross-site VM to VM paths will be available, including inter-site VM-VM paths, intra-site VM-VM paths, VM-VM across sites with NAT, VM-VM paths across Continue reading
Putting a hard shell around a soft core is not a recipe for success in security, but somehow legacy security architectures for application protection have often looked exactly like that: a hard perimeter firewall layer for an application infrastructure that was fundamentally not built with security as a primary concern. VMware NSX Distributed Firewall pioneered the micro-segmentation concept for granular access controls for cloud applications with the initial launch of the product in 2013. The promise of Zero Trust security for applications, the simplicity of deployment of the solution, and the ease of achieving internal security objectives made NSX an instant success for security-sensitive customers.
Our newest release — NSX-T 3.2 — establishes a new marker for securing application infrastructure by introducing significant new features to identify and respond to malware and ransomware attacks in the network, to enhance user identification and L7 application identification capabilities, and, at the same time, to simplify deployment of the product for our customers.
“Modern day security teams need to secure mission-critical infrastructure from both external and internal attacks. By providing unprecedented threat visibility leveraging IDS, NTA, and Network Detection and Response (NDR) capabilities along with granular controls leveraging L4-L7 Firewall, IPS, and Malware Prevention capabilities, NSX 3.2 delivers an incredible security solution for our customers“
– Umesh Mahajan, SVP, GM (Networking and Security Business Unit)
This blog captures critical enhancements NSX-T 3.2 delivers from a security perspective. And stay tuned —we’ll follow up with more detailed blogs on Continue reading
We’re excited to announce VMware NSX-T 3.2, one of the largest NSX releases so far. NSX-T 3.2 includes key innovations across multi-cloud security, scale-out networking for containers, VMs, and physical workloads. It also delivers simplified operations that help enterprises achieve a one-click, public cloud experience wherever their workloads are deployed.
NSX-T 3.2 provides strong, multi-cloud, easy-to-operationalize network defenses that secure application traffic within and across clouds. NSX-T 3.2 goes a step further in making it easy to enable Zero Trust application access across multi-cloud environments — enabling customers to secure traffic across applications and individual workloads with security controls that are consistent, automated, attached to the workload, and elastic in scale.
Network traffic analysis (NTA) and sandboxing solutions are integrated directly into the NSX Distributed Firewall (DFW). NSX eliminates traffic hairpins by distributing NTA as a service within the hypervisor. Combined with distributed IDS/IPS capabilities, security teams can now virtualize the entire security stack and eliminate blind spots while allowing security policies and controls to follow workflows throughout their lifecycle, regardless of the underlying infrastructure.
The enhanced gateway firewall serves as a software-based gateway with L2-L7 controls — including URL filtering and advanced threat prevention with malware analysis and sandboxing. This extends centralized security controls to physical workloads, the data center perimeter, and the public cloud edge — ensuring consistent security controls across both east-west and north-south application traffic Continue reading
We're excited to announce that customers will soon be able to store their Cloudflare logs on Cloudflare R2 storage. Storing your logs on Cloudflare will give CIOs and Security Teams an opportunity to consolidate their infrastructure; creating simplicity, savings and additional security.
Cloudflare protects your applications from malicious traffic, speeds up connections, and keeps bad actors out of your network. The logs we produce from our products help customers answer questions like:
Storage on R2 adds to our existing suite of logging products. Storing logs on R2 fills in gaps that our customers have been asking for: a cost-effective solution to store logs for any of our products for any period of time.
Let’s rewind to the early 2000s. Most organizations were running their own self-managed infrastructure: network devices, firewalls, servers and all the associated software. Each company has to manage logs coming from hundreds of sources in the IT stack. With dedicated storage needed for retaining Continue reading
Your team can now use Cloudflare’s Browser Isolation service to protect against phishing attacks and credential theft inside the web browser. Users can browse more of the Internet without taking on the risk. Administrators can define Zero Trust policies to prohibit keyboard input and transmitting files during high risk browsing activity.
Earlier this year, Cloudflare Browser Isolation introduced data protection controls that take advantage of the remote browser’s ability to manage all input and outputs between a user and any website. We’re excited to extend that functionality to apply more controls such as prohibiting keyboard input and file uploads to avert phishing attacks and credential theft on high risk and unknown websites.
Administrators protecting their teams from threats on the open Internet typically implement a Secure Web Gateway (SWG) to filter Internet traffic based on threat intelligence feeds. This is effective at mitigating known threats. In reality, not all websites fit neatly into malicious or non-malicious categories.
For example, a parked domain with typo differences to an established web property could be legitimately registered for an unrelated product or become weaponized as a phishing attack. False-positives are tolerated by risk-averse administrators but come at the Continue reading
Data localisation has gotten a lot of attention in recent years because a number of countries see it as a way of controlling or protecting their citizens’ data. Countries such as Australia, China, India, Brazil, and South Korea have or are currently considering regulations that assert legal sovereignty over their citizens’ personal data in some fashion — health care data must be stored locally; public institutions may only contract with local service providers, etc.
In the EU, the recent “Schrems II” decision resulted in additional requirements for companies that transfer personal data outside the EU. And a number of highly regulated industries require that specific types of personal data stay within the EU’s borders.
Cloudflare is committed to helping our customers keep personal data in the EU. Last year, we introduced the Data Localisation Suite, which gives customers control over where their data is inspected and stored.
Today, we’re excited to introduce the Customer Metadata Boundary, which expands the Data Localisation Suite to ensure that a customer’s end user traffic metadata stays in the EU.
“Metadata” can be a scary term, but it’s a simple concept — it just means “data about data.” In other Continue reading
We all go through stressful situations at work. It is important to find ways to manage stress and relieve the symptoms of it when we are feeling overwhelmed. In this blog post, we will discuss how Vitamin C can improve your resilience in stressful situations at work. We will share with you the benefits of taking a Vitamin C supplement and explain why it is important for workplace health. Let’s get started.
Vitamin C is an essential nutrient that our body cannot produce on its own. We need to get Vitamin C from dietary sources or supplements, because it plays a key role in many processes of the human body. It strengthens the immune system and helps with wound healing by forming collagen (the protein found in connective tissues). Vitamin C also supports healthy vision and bone health. At work, we are exposed to all kinds of stressors which deplete our bodies’ stores of nutrients like Vitamin C. This can result in reduced immunity and poor recovery after illness or injury – both conditions that make us less productive at work! There are some simple ways you can improve your resilience when faced with Continue reading
The multi-threaded routing daemons blog post generated numerous in-depth comments here and on LinkedIn. As always, thanks a million for keeping me honest and providing more details or additional perspectives. Here are some of the best bits.
Jeff Tantsura provided the first dose of reality:
All modern routing protocols implementations are multi-threaded, with a minimum separation of adjacency handling, route calculations and update generation. Note - writing multi-threaded code for complex tasks is a non trivial exercise (you could search for thread safety and similar artifacts and what happens when not implemented correctly). Moving to a multi-threaded code in early 2010s resulted in a multi-release (year) effort and 100s of related bugs all around.
Dr. Tony Przygienda added his hands-on experience (he’s been developing routing protocol software for ages):