Cloudflare’s New Magic WAN Is A Familiar Trick
Cloudflare is building out its network and security services offerings to compete with SASE and CASB providers. The new Magic WAN and Magic Firewall offerings let customers direct traffic from branch offices, remote workers, and data centers to Cloudlfare's infrastructure for WAN transport and security inspection.
The post Cloudflare’s New Magic WAN Is A Familiar Trick appeared first on Packet Pushers.
The Hedge 76: Frederico Lucifredi and the Taxonomy of Indecision
Decision making, especially in large organizations, fails in many interesting ways. Understanding these failure modes can help us cope with seemingly difficult situations, and learn how to make decisions better. On this episode of the Hedge, Frederico Lucifredi, Ethan Banks, and Russ White discuss Frederico’s thoughts on developing a taxonomy of indecision. You can find his presentation on this topic here.
3 Things SONiC Needs To Flourish In The Enterprise
Gartner is bullish on the SONiC network OS, but three things need to happen if enterprises are going to adopt SONiC in significant numbers.
The post 3 Things SONiC Needs To Flourish In The Enterprise appeared first on Packet Pushers.
Witness VMware Disrupt Enterprise Data Center Security at XFD5
The security industry needs to wake up. Today’s attackers are too numerous and too determined to get caught by simple perimeter defenses. It’s no longer a matter of if an attack will be successful, it’s a matter of when. Security pros need to recognize this reality, stop using archaic detect and respond approaches to secure the enterprise, and start focusing on blocking the spread of attacks once they make that initial breach.
Changing the industry won’t be easy. It will require a bold step — one that we believe we’ve taken at VMware with our distributed, software-defined approach to enterprise security. This approach gives us the ability to operationalize east-west security at scale, simplify the implementation of segmentation in just a few steps, and insert advanced threat prevention inside the data center.
We’ll showcase these latest security advances on Thursday, March 25, starting at at 2:00 pm PST. Broadcasting live around the world during Security Field Day 5, NSX security experts will run through simple, practical steps that security teams can take to meet Continue reading
Day Two Cloud 090: Hashicorp Vault For Beginners
HashiCorp Vault is a management tool that stores and controls access to sensitive data (passwords, certificates, API keys, and so on). Today's Day Two Cloud is a deep dive on Vault and its use cases. This is an unsponsored show that came together unexpectedly due to a scheduling issue.
The post Day Two Cloud 090: Hashicorp Vault For Beginners appeared first on Packet Pushers.
Day Two Cloud 090: Hashicorp Vault For Beginners
HashiCorp Vault is a management tool that stores and controls access to sensitive data (passwords, certificates, API keys, and so on). Today's Day Two Cloud is a deep dive on Vault and its use cases. This is an unsponsored show that came together unexpectedly due to a scheduling issue.What to Know About Data Center Overlay Networks
Overlay Networks are not new by any means but are becoming more and more main-stream across multiple places-in-the-network (PINs). While...
The post What to Know About Data Center Overlay Networks appeared first on Pluribus Networks.
Announcing Cloudflare’s Data Loss Prevention platform
Today, we’re excited to announce that your team can use Cloudflare’s network to build Zero Trust controls over the data in your enterprise - wherever it lives and however it moves.
Stopping data loss is difficult for any team and that challenge has become harder as users have left offices and data has left on-premise storage centers. Enterprises can no longer build a simple castle-and-moat around their data. Users now connect from any location on the planet to applications that live in environments outside of that enterprise’s control.
We have talked to hundreds of customers who have resorted to applying stopgap measures to try and maintain that castle-and-moat model in some form, but each of those band-aids slow down their users or drive up costs - or both. Almost all of the short-term options available combine point solutions that ultimately force traffic to backhaul through a central location.
Part of Cloudflare One, Cloudflare’s approach to data loss prevention relies on the same infrastructure and global network that accelerates user traffic to the Internet to also perform inline inspection against all traffic regardless of how it arrives on our network.
We also know that enterprises need more than just scanning Continue reading
Using Cloudflare for Data Loss Prevention
Data exfiltration, or data loss, can be a very time-consuming and expensive ordeal causing financial loss, negative brand association, and penalties from privacy focused laws. Take for example, an incident where sensitive smart grid and metering R&D knowledge information from an industrial control system of a North American electric utility was exfiltrated through an attack that was suspected to have originated from inside the network. Unauthorized access to data from a utilities company can result in a compromised smart grid or power outages.
In another example, a security researcher found exposed and unknown (undocumented) API endpoints for Tesla’s Backup Gateway that could have been used to export data or make unauthorized changes. This would have had very real physical consequences had the unauthenticated API endpoint been used by an attacker to damage the battery or the connected electric grid.
Both these examples emphasize the importance of considering internal and external threats when thinking about how to protect a network from data exfiltration. An insider threat isn’t necessarily a user willfully causing harm: according to Fortinet’s 2019 Insider Threat Report, from the organizations surveyed 71% were concerned about a careless user causing an accidental Continue reading
Protecting your APIs from abuse and data exfiltration
API traffic is growing fast. Last year alone it grew 300% faster at our edge than web traffic. Because APIs power mobile and web applications, transmitting instructions as diverse as “order a pizza from my favourite restaurant using this credit card” or “place a cryptocurrency trade and these are my personal details”, they are ripe for data theft and abuse. Data exposure is listed as one of the top threats for API traffic by OWASP; this includes data leaks and exfiltration from origin responses (API Security TOP 10 threats 2019). The increase in API traffic and more frequent data attacks call for new security solutions.
Cloudflare’s security toolkit had always been designed to protect web and API traffic. However, after talking to hundreds of customers we realised that there is a need for easily deployed and configured security tools for API traffic in a single interface. To meet this demand, in October 2020 we launched API ShieldTM, a new product aimed at bringing together all security solutions designed for API traffic. We started by providing mTLS authentication to all Cloudflare users free of charge, gRPC support and Schema Validation in Beta. During the launch we laid Continue reading
Hands-On: Azure Route Server
TL&DR: Azure Route Server works as advertised. Setting it up is excruciatingly slow. You might want to start the process just before taking a long lunch break.
I decided to take Azure Route Server for a ride. Simple setup, two Networking Virtual Appliance (NVA) instances running Quagga to advertise a single prefix (just to see how multipathing works).
Here’s the diagram of what I set up:
Hands-On: Azure Route Server
TL&DR: Azure Route Server works as advertised. Setting it up is excruciatingly slow. You might want to start the process just before taking a long lunch break.
I decided to take Azure Route Server for a ride. Simple setup, two Networking Virtual Appliance (NVA) instances running Quagga to advertise a single prefix (just to see how multipathing works).
Here’s the diagram of what I set up:
SASE Should Make Life Easier for Employees and IT
As SASE solutions incorporate more user-centric intelligence, the enterprise IT stack will become more supportive of the real-world problems confronting businesses every day.It is Always Something (RFC1925, Rule 7)
While those working in the network engineering world are quite familiar with the expression “it is always something!,” defining this (often exasperated) declaration is a little trickier. The wise folks in the IETF, however, have provided a definition in RFC1925. Rule 7, “it is always something,” is quickly followed with a corollary, rule 7a, which says: “Good, Fast, Cheap: Pick any two (you can’t have all three).”
You can either quickly build a network which works well and is therefore expensive, or take your time and build a network that is cheap and still does not work well, or… Well, you get the idea. There are many other instances of these sorts of three-way tradeoffs in the real world, such as the (in)famous CAP theorem, which states a database can be consistent, available, and partitionable (or partitioned). Eventual consistency, and problems from microloops to surprise package deliveries (when you thought you ordered one thing, but another was placed in your cart because of a database inconsistency) have resulted. Another form of this three-way tradeoff is the much less famous, but equally true, state, optimization, surface tradeoff trio in network design.
It is possible, however, to build a system Continue reading
Browser Isolation for teams of all sizes
Every Internet-connected organization relies on web browsers to operate: accepting transactions, engaging with customers, or working with sensitive data. The very act of clicking a link triggers your web browser to download and execute a large bundle of unknown code on your local device.
IT organizations have always been on the back foot while defending themselves from security threats. It is not a question of ‘if’, but ‘when’ the next zero-day vulnerability will compromise a web browser. How can IT organizations protect their users and data from unknown threats without over-blocking every potential risk? The solution is to shift the burden of executing untrusted code from the user’s device to a remote isolated browser.
Bringing Remote Browser Isolation to teams of any size
Today we are excited to announce that Cloudflare Browser Isolation is now available within Cloudflare for Teams suite of zero trust security and secure web browsing services as an add-on. Teams of any size from startups to large enterprises can benefit from reliable and safe browsing without changing their preferred web browser or setting up complex network topologies.
Remote Browsers must be reliable
Running sensitive workloads in secure environments is nothing new, and Remote Browser Isolation (RBI) Continue reading