Breaking into an industry isn’t easy. When you look at the amount of material that is necessary to learn IT skills it can be daunting and overwhelming. Don’t let the for-profit trade school ads fool you. You can’t go from ditch digger to computer engineer in just a few months. It takes time and knowledge to get there.
However, there is one concept in non-technical job roles that feels very appropriate to how we do IT training, specifically for security. And that’s the apprenticeship.
Apprenticeship is a standard for electricians and carpenters. It’s the way that we train new people to do the work of the existing workforce. It requires time and effort and a lot of training. But, it also fixes several problems with the current trend of IT certification:
Cloudflare’s team of security analysts monitor for upcoming threats and vulnerabilities and where possible put protection in place for upcoming threats before they compromise our customers. This post examines how we protected people against a new major vulnerability in the Drupal CMS, nicknamed Drupalgeddon 2.
Two weeks after adding protection with WAF rule ID D0003 which mitigates the critical remote code execution Drupal exploit (SA-CORE-2018-002/CVE-2018-7600), we have seen significant spikes of attack attempts. Since the 13th of April the Drupal security team has been aware of automated attack attempts and it significantly increased the security risk score of the vulnerability. It makes sense to go back and analyse what happened in the last seven days in Cloudflare’s WAF environment.
The vulnerability potentially allows attackers to exploit multiple attack vectors on a Drupal site, which could make a site completely compromised.
Drupal introduced renderable arrays, which are a key-value structure, with keys starting with a ‘#’ symbol, that allows you to alter data during form rendering. These arrays however, did not have enough input validation. This means that an attacker could inject a custom renderable array on one of these keys in the form structure.
An integrated SD-WAN security product would likely involve at least three Cisco technologies: Viptela SD-WAN, Meraki network automation, and Umbrella cloud security.
CenturyLink tracks botnets and the C2 servers they communicate with to thwart distributed denial of service attacks.
One in four organizations using public cloud has had their data stolen, according to McAfee’s latest cloud security report.
Cybercrime will be a $6 trillion business by 2021, up from $3 trillion in 2016.
The chip company’s IoT strategy includes pushing processing to the edge, instead of the cloud.
An integration with Cisco Tetration will combine platform telemetry with machine learning algorithms to improve threat detection.
The open source tool allows for the building of a container image without providing privileged root access.
In previous blog post we discussed how we use the TPROXY
iptables module to power Cloudflare Spectrum. With TPROXY
we solved a major technical issue on the server side, and we thought we might find another use for it on the client side of our product.
This is Addressograph. Source Wikipedia
When building an application level proxy, the first consideration is always about retaining real client source IP addresses. Some protocols make it easy, e.g. HTTP has a defined X-Forwarded-For
header[1], but there isn't a similar thing for generic TCP tunnels.
Others have faced this problem before us, and have devised three general solutions:
For certain applications it may be okay to ignore the real client IP address. For example, sometimes the client needs to identify itself with a username and password anyway, so the source IP doesn't really matter. In general, it's not a good practice because...
A second method was developed by Akamai: the client IP is saved inside a custom option in the TCP header in the SYN packet. Early implementations of this method weren't conforming to any standards, e.g. using option field 28 Continue reading
War and the battlefield themes dominated the opening keynotes at the annual RSA Conference 2018, just a day after a joint U.S. and U.K. alert warned that Russians are targeting American and British organizations’ network infrastructure devices, such as routers.
Cisco, itself, recently issued a warning about its Smart Install client, saying it was vulnerable to cyber attacks by nation-state actors.
The security product exposes an API to accept workload context from container orchestration systems.
Summary: VMware AppDefense continues to advance with new capabilities, new partnerships, international expansion, and increasing customer adoption
As worldwide spending on IT security continues to climb, the odds of falling victim to a data breach have risen to 1 in 4. Despite a multitude of security products on the market and large budgets to purchase them, businesses are not significantly safer. The commoditization of cyber crime has made it possible for virtually anyone with a computer to launch a sophisticated attack against a company and new attacks are being developed every day. This means the continued focus on chasing threats remains relatively ineffective to stamping out the broader challenges facing IT security.
This is a scary prospect for CISOs who are faced with securing the applications and data living in increasingly dynamic, distributed IT environments. And as more businesses embrace modern, agile application development processes, the problem of implementing security at the speed of the business is exacerbated – security is often seen as an obstacle to progress.
We created VMware AppDefense to address these very issues, with a unique approach that leverages the virtualization layer to protect applications by “ensuring good” rather than “chasing bad”. AppDefense leverages VMware’s Continue reading
The Azure Sphere technology includes a thumbnail-sized micro-controller unit, a Linux-based operating system, and a cloud-based security service.
The company is looking to support unmodified big data software in containers so data scientists can spend their time analyzing data rather than fighting hardware and drivers.
A U.K. government agency is also recommending that telcos not purchase equipment from ZTE.
An IBM security report found a 424-percent jump in breaches related to misconfigured cloud infrastructure in 2017, largely due to human error.