Oracle Acquires DDoS Mitigation and Security Startup Zenedge
Oracle gains its AI-driven web application firewall and DDoS mitigation software.
Netronome’s Niel Viljoen Discusses the SmartNIC Market, AI, & New Operator Requirements
In this interview, Niel Viljoen, CEO and founder of Netronome, discusses the new networking requirement in the data center, the failure of Moore’s Law, and a new wave of computing that he believes represents the future.
Juniper’s Multi-Cloud Push Begins with Multi-Connectivity
Multi-cloud means everything has to be connected to everything else.
Workshop on Binary Analysis Research (BAR) 2018 at NDSS on 18 February
Binary analysis refers to the process where human analysts and/or automated systems scrutinize the underlying code in software to discover, exploit, and defend against malice and vulnerabilities, oftentimes without access to source code. Through protecting legacy software deployed in all types of devices and platforms in the modern world, binary analysis techniques are becoming more and more critical in making our everyday life and our society more secure.
A Workshop on Binary Analysis Research (BAR) will be co-located with the Network and Distributed System Security Symposium (NDSS), and held in San Diego, CA, USA, on February 18, 2018.
The Workshop aims to provide an interaction point for researchers doing work in binary program analysis, with half of the workshop dedicated to traditional paper sessions and the other half to a roundtable discussion among researchers, implementers, and end-users of binary analysis techniques. BAR has attracted attention of many researchers, especially tool and framework authors, who actively work to create cutting-edge techniques and build powerful tools. Here we are happy to announce that eight high-quality academic papers have been accepted to appear in the paper sessions of the workshop, with presenters from both academia and industry. Researchers and authors of several Continue reading
HTTPS or bust: Chrome’s plan to label sites as “Not Secure”
Google just announced that beginning in July 2018, with the release of Chrome 68, web pages loaded without HTTPS will be marked as “not secure”.
More than half of web visitors will soon see this warning when browsing unencrypted HTTP sites, according to data from Cloudflare’s edge that shows 56.62% of desktop requests originate from Chrome. Users presented with this warning will be less likely to interact with these sites or trust their content, so it’s imperative that site operators not yet using HTTPS have a plan to do so by July.
How did we get here (and why)?
To those who have followed the Chrome team’s public statements, this announcement comes as no surprise. Google has been gearing up for this change since 2014, as Chrome boss Parisa Tabriz tweeted and Chris Palmer memorialized in a widely distributed email. While this step is an important and potentially jarring one for users, it’s by no means the last step that Google will take to influence website administrator behavior for the better.
But why are they making this change (now)? Google’s primary motivation for driving HTTPS adoption is simple: a safe browsing experience is good for business. Users that feel Continue reading
AT&T Macro-Sizes its Microservices Supplier Program
The carrier deployed more than 300 microservices last year.
AI and Rules Drive Deepfence App-Focused Container Security
The company's approach is to diffuse an attack before it explodes.
Cloud Security Alliance Puts ERP Applications in its Crosshairs
Future CSA papers will address SAP and Oracle ERP security.
Citrix Acquires Cedexis to Improve App Performance in Hybrid Clouds
Citrix will integrate Cedexis’ programmable traffic steering technology into its portfolio.
Context-Aware Micro-segmentation – Remote Desktop Session Host Enhancements for VMware Horizon
In a previous post my colleague, Stijn, discussed the enhancements to how NSX for vSphere 6.4 handles Remote Desktop Session Host, RDSH, systems with the Identity-based Firewall and Context-Aware Micro-segmentation.
Remote Desktop Services is an underlying technology from Microsoft that many vendors take advantage of to provide overlay management and application deployment technologies for. In this post, we’re going to discuss how NSX for vSphere 6.4 allows customers to run RDS hosts with granular security for VMware Horizon systems.
VMware Horizon can provide multiple users the ability to connect to a single system to access their applications using the RDSH technology. These users can be of the same type, for example all HR users, or of multiple types, HR and Engineering users. In previous versions of NSX, it was not possible to individually secure user sessions and create Distributed Firewall (DFW) rule sets according to the user session logged into an RDSH server. This meant less flexibility in controlling what users could access data center application servers without isolating one set of users to one RDSH server. This model created a very rigid architecture for Horizon customers to follow.
Horizon allows customers Continue reading
Ixia Network Security Testing Tackles Cloud Data Center Traffic
The platform generates 25 Gb/s of encrypted traffic to test application delivery and network security.
Aerohive Access Management Tool Brings Network Security, Control to Connected Devices
It manages any device in a campus or branch office that needs network access, the company claims.
Dfinity Raises $61M for Blockchain-Based Open Cloud
The startup plans to launch its decentralized cloud this year.
Check Point Pumps Up Cloud Security: ‘It’s CASB on Steroids’
The CloudGuard technology takes a device- and application-centric approach.
Cisco Gets Yet Another CVSS 10 for ASA & Firepower | Threatpost
Yet another CVSS 10 for Cisco security products
Context-Aware Micro-segmentation – an innovative approach to Application and User Identity Firewall
Summary: With Context-awareness, NSX for vSphere 6.4 enables customers to enforce policy based on Application and Protocol Identification and expands the Identity Firewall support to Multiple User Sessions.
A few weeks ago, VMware released version 6.4 of NSX for vSphere. The 6.4 release brings many new features, with Context-awareness being key from a security perspective. Micro-segmentation enables East-West security controls, and is a key building block to a secure datacenter. Context-awareness builds-on and expands Micro-segmentation by enabling customers even more fine-grained visibility and control. NSX has supported the use infrastructure or application-centric constructs such as Security Groups based on criteria like VM name or OS version, or Dynamic Security Tags describing things like the workload function, the environment it’s deployed in, or any compliance requirements the workload falls under, enabling fine-grained control and allowing customers to automate the lifecycle of a security policy from the time an application is provisioned to the time it’s decommissioned. Prior to 6.4, rules with infrastructure or application-centric grouping constructs on the Management plane, are eventually translated to 5-tuple based rules in the dataplane.
Figure: NSX drives policy based on Network, User and Workload Context
A crucial aspect of Context-awareness Continue reading
Fortinet Stock Pops on Robust 2017 Q4 Results, Modest Forecasts
The company will also welcome a new CFO.
Explain Cisco ETA to Me in a Way That Even My Neighbor Can Understand It
Cisco Encrypted Traffic Analytics (ETA) sounds just a little bit like magic the first time you hear about it. Cisco is basically proposing that when you turn on ETA, your network can (magically!) detect malicious traffic (ie, malware, trojans, ransomware, etc) inside encrypted flows. Further, Cisco proposes that ETA can differentiate legitimate encrypted traffic from malicious encrypted traffic.
Uhmm, how?
The immediate mental model that springs to mind is that of a web proxy that intercepts HTTP traffic. In order to intercept TLS-encrypted HTTPS traffic, there’s a complicated dance that has to happen around building a Certificate Authority, distributing the CA’s public certificate to every device that will connect through the proxy and then actually configuring the endpoints and/or network to push the HTTPS traffic to the proxy. This is often referred to as “man-in-the-middle” (MiTM) because the proxy actually breaks into the encrypted session between the client and the server. In the end, the proxy has access to the clear-text communication.
Is ETA using a similar method and breaking into the encrypted session?
In this article, I’m going to use an analogy to describe how ETA does what it does. Afterwards, you should feel more comfortable about how Continue reading
Palo Alto Networks Stretches Security Posture Across Big 3 Public Clouds
The new features and additional cloud support aim to provide stronger security and simplified management.
Top 5 From The Last 3 Months
In today’s day and age, content is king. It’s nearly impossible to keep up with the deluge of information, especially in the tech space where change is constant. We’re aware that the struggle is real. To keep you up-to-date on the latest and greatest in networking, we’ve compiled a round-up blog of the top posts from the past few months.
VMware Closes Acquisition of VeloCloud Networks
In December, VMware NSX completed its acquisition of VeloCloud Networks, bringing their industry-leading, cloud-delivered SD-WAN solution to our own growing software-based networking portfolio. The acquisition of VeloCloud significantly advances our strategy of enabling customers to run, manage, connect and secure any application on any cloud to any device. Learn all about the acquisition from SVP and GM, Networking and Security Business Unit Jeff Jennings.
VMware SDDC with NSX Expands to AWS
With VMware Cloud on AWS, customers can now leverage the best of both worlds – the leading compute, storage and network virtualization stack enabling enterprises for SDDC can now all be enabled with a click of a button on dedicated, elastic, bare-metal and highly available AWS infrastructure. Bonus: because it’s a managed service by VMware, customers can focus on the Continue reading