How small businesses can start using Cloudflare One today
Earlier this week, we announced Cloudflare One™, our comprehensive, cloud-based network-as-a-service solution. Cloudflare One improves network performance and security while reducing cost and complexity for companies of all sizes.
Cloudflare One is built to handle the scale and complexity of the largest corporate networks. But when it comes to network security and performance, the industry has focused all too often on the largest of customers with significant budgets and technology teams. At Cloudflare, we think it’s our opportunity and responsibility to serve everyone, and help companies of all sizes benefit from a better Internet.
This is Zero Trust Week at Cloudflare, and we’ve already talked about our mantra of Zero Trust for Everyone. As a quick refresher, Zero Trust is a security framework that assumes all networks, devices, and Internet destinations are inherently compromised and therefore should not be trusted. Cloudflare One facilitates Zero Trust security by securing how your users connect to corporate applications and the Internet at large.
As a small business network administrator, there are fundamentally three things you need to protect: devices, applications, and the network itself. Below, I’ll outline how you can secure devices whether they are in your office (DNS Filtering) or remote (WARP+ Continue reading
Introducing Cloudflare Browser Isolation beta
Reimagining the Browser
A web browser, the same application that connects users to the entire Internet, also connects you to all of the potentially harmful parts of the Internet. It’s an open door to nearly every connected system on the planet, which is powerful and terrifying.
We also rely on browsers more than ever. Most applications that we use live in a browser and that will continue to increase. For more and more organizations, a corporate laptop is just a managed web browser machine.
To keep those devices safe, and the data they hold or access, enterprises have started to deploy “browser isolation” services where the browser itself doesn’t run on the machine. Instead, the browser runs on a virtual machine in a cloud provider somewhere. By running away from the device, threats from the browser stay on that virtual machine somewhere in the cloud.
However, most isolation solutions take one of two approaches that both ruin the convenience and flexibility of a web browser:
- Record the isolated browser and send a live stream of it to the user, which is slow and makes it difficult to do basic things like input text to a form.
- Unpack the webpage, inspect Continue reading
A Simple Map of 5G Functions. And Why You Don’t Care About 5G.
A common mistake about 5G is that is a single monolithic thing. In fact a 5G network is a diverse cluster of systems that interoperate to deliver 5G service. I want to share a simplified model of 5G network and use cases. I simplify 5G Use Cases to three categories: Human, Non-Human and False. Human/Smartphones […]
Automation Win: Recreating Cisco ACI Tenants in Public Cloud
This blog post was initially sent to the subscribers of our SDN and Network Automation mailing list. Subscribe here.
Most automation projects are gradual improvements of existing manual processes, but every now and then the stars align and you get a perfect storm, like what Adrian Giacommetti encountered during one of his automation projects.
The customer had well-defined security policies implemented in Cisco ACI environment with tenants, endpoint groups, and contracts. They wanted to recreate those tenants in a public cloud, but it took way too long as the only migration tool they had was an engineer chasing GUI screens on both platforms.
Automation Win: Recreating Cisco ACI Tenants in Public Cloud
This blog post was initially sent to the subscribers of our SDN and Network Automation mailing list. Subscribe here.
Most automation projects are gradual improvements of existing manual processes, but every now and then the stars align and you get a perfect storm, like what Adrian Giacommetti encountered during one of his automation projects.
The customer had well-defined security policies implemented in Cisco ACI environment with tenants, endpoint groups, and contracts. They wanted to recreate those tenants in a public cloud, but it took way too long as the only migration tool they had was an engineer chasing GUI screens on both platforms.
Networking and Infrastructure News Roundup: October 16 Edition
Cisco adds cloud-managed sensors for asset and facility monitoring, Masergy unveils secure SD-WAN solutions for the remote workforce, and more.Solving Microservices Connectivity Issues with Network Logs
The network is foundational to distributed application environments. A distributed application has multiple microservices, each running in a set of pods often located on different nodes. Problem areas in a distributed application can be in network layer connectivity (think network flow logs), or application resources unavailability (think metrics), or component unavailability (think tracing). Network layer connectivity can be impacted by various factors such as routing configuration, IP pool configuration, network policies, etc. When service A cannot talk to service B over the network, or an external application cannot connect to service A, network logs become an essential source of historical data needed for troubleshooting connectivity issues. Just like in a traditional network, network logs enable cluster administrators to monitor the Kubernetes microservices network.
Network Logs Can Address Multiple Use Cases
Network logs can be used to serve the unique requirements of different teams (DevOps, SecOps, Platform, Network). The value of Kubernetes network logs resides in the information collected, such as detailed context about endpoints (e.g., pods, labels, namespaces) and the network policies deployed in configuring the connection. Within the IT estate, DevOps, SecOps, Network and Platform teams can use network logs to address use cases that Continue reading
Getting the Most From Your Enterprise Software
An important survival strategy in austere times is to be sure your employees are getting the most value from the software your company already licenses.Evolution of Excel 4.0 Macro Weaponization – Continued
Introduction
The evolution of the Excel 4.0 (XL4) macro malware proceeds apace, with new variations and techniques regularly introduced. To understand the threat landscape, the VMware NSBU Threat Analysis Unit extended its previous research on XL4 macro malware (see the previous blog) to analyze new trends and techniques.
Against analysis engines, the new samples have some novel evasion techniques, and they perform attacks more reliably. These variants were observed in June and July. Figure 1 depicts the Excel 4.0 macro malware wave.
Figure 1: Malicious XL4 submission: May-Aug 2020
Broadly, the samples can be categorized into three clusters. Based on the variation of the samples in these three clusters, the weaponized documents can be grouped into multiple variants.
Cluster 1: Relative Reference
The samples in this cluster appeared in the month of June. They use FORMULA.FILL for obfuscation and to move the payload around the sheet. The formula uses relative references to access values stored in the sheet. There are variations in this category; Continue reading
Member News: Haitian Chapter Calls for More Community Networks
From the community: The Haiti Chapter of the Internet Society recently posted a video advocating for more community networks in the country. Internet access is a necessity during the COVID-19 health emergency, the Chapter said. Still, there is a challenge of providing access in rural areas of the country. The Chapter wants a plan that allows communities to build their own networks “where it is not yet economically viable for Internet service providers” to offer broadband service.
Going to school: The Kyrgyzstan Chapter has provided an update about its very active ilimBox project, which provides an Internet-in-a-box service to schools in the country. In late August, the ilimBox team, with the financial support of the European Union, installed 22 ilimBox devices in the border villages of Batken region.
Don’t split the Internet: The Greater Washington, D.C., Chapter has voiced opposition to U.S. President Donald Trump’s plans to ban Chinese apps TikTok and WeChat from the U.S. The Chapter is “against breaking the Internet,” it wrote. The proposed ban “undermines the foundations of the Internet.” The Chapter’s statement echoes the position of the Internet Society as a whole.
Safety first: The St. Vincent and the Grenadines Continue reading
Day Two Cloud 070: The State Of Multi-Cloud Networking
Today's show is a vigorous discussion of multi-cloud networking. Our guest, networking expert Ivan Pepelnjak, brings a heavy dose of skepticism, nuance, and informed perspective to the tricky issue of connecting workloads across different public clouds.Day Two Cloud 070: The State Of Multi-Cloud Networking
Today's show is a vigorous discussion of multi-cloud networking. Our guest, networking expert Ivan Pepelnjak, brings a heavy dose of skepticism, nuance, and informed perspective to the tricky issue of connecting workloads across different public clouds.
The post Day Two Cloud 070: The State Of Multi-Cloud Networking appeared first on Packet Pushers.
Introducing Cloudflare One Intel
Earlier this week, we announced Cloudflare One, a single platform for networking and security management. Cloudflare One extends the speed, reliability, and security we’ve brought to Internet properties and applications over the last decade to make the Internet the new enterprise WAN.
Underpinning Cloudflare One is Cloudflare’s global network - today, our network spans more than 200 cities worldwide and is within milliseconds of nearly everyone connected to the Internet. Our network handles, on average, 18 million HTTP requests and 6 million DNS requests per second. With 1 billion unique IP addresses connecting to the Cloudflare network each day, we have one of the broadest views on Internet activity worldwide.
We see a large diversity of Internet traffic across our entire product suite. Every day, we block 72 billion cyberthreats. This visibility provides us with a unique position to understand and mitigate Internet threats, and enables us to see new threats and malware before anyone else.
At the beginning of this month, as part of our 10th Birthday Week, we launched Cloudflare Radar, which shares high-level trends with the general public based on our network’s aggregate data. The same data that powers that view of the Internet also Continue reading