NSX Going Wild at This Year’s VMworld
Get ready! NSX is hosting a major swag giveaway at VMworld as part of a celebration for everything our customers have accomplished in 2017! At various times throughout the conference, we’ll be on the prowl, looking for folks sporting NSX gear. If you’re spotted “in the wild” adorned with anything “NSX”, you could win some awesome swag and prizes.
Join the hunt: show off your NSX pride (and your photography skills), and post photos of anything #NSX with the hashtag #NSXintheWild. Winners will be chosen at random on the VMworld floor and online, so you never know when we might have you in our sights. But make no mistake – if you’re representing NSX in the wild, you’ll be a prime target for swag.
Pay it forward: If you happen to spot some cool NSX gear in the wild, snap a photo and tweet it out using the hashtag #NSXintheWild. We hope you’ll join the fun and show off your NSX treasure. Your odds of winning some prizes will be much higher at VMworld if you do, as opposed to hitting the slots!
The post NSX Going Wild at This Year’s VMworld appeared first on Network Virtualization.
VMware NSX Day 1 Guide Library
Our VMware NSX Guides are authored and technically reviewed by VMware subject-matter experts and cover networking and security essentials.
Below you will find a description of the current books in our library along with a downloadable PDF link.
If you are interested in purchasing a hardcopy, you can do so at our online store.
Check out our Four New Releases!
New Release: VMware NSX Automation Fundamentals Guide
VMware NSX Automation Fundamentals delivers the roadmap to understanding networking and security automation challenges in today’s data centers. It explains the fundamental nature of VMware NSX Data Center architecture while detailing integrated solutions for both VMware and third party offerings (such as VMware vRealize Automation, OpenStack, Puppet, Chef, PowerNSX) that assist in creating networking and security components on-demand.
Follow Caio on Twitter! And follow Thiago on Twitter too!
New Release: VMware NSX Network Virtualization Fundamentals
During their digital transformation process, many IT organizations still struggle with traditional networking methods and security approaches. By successfully addressing these challenges in thousands of real-world implementations, VMware NSX Data Center has established itself as the leading network virtualization platform, revolutionizing the way data center networks are designed and operated. In Continue reading
Overcoming The Five Hybrid Cloud Adoption Challenges
Time to market is of essence, because your competitors are already there.
VMware NSX-V: Security for VxRAIL Hyper-Converged Solutions
Check-out the new white paper on leveraging NSX-V for security within the VxRAIL hyper-converged platform. The paper outlines how VxRAIL hyper-converged solutions leveraging NSX-V for security solves many of the security challenges with traditional silo-based architectures. A brief outline is provided below. Make sure to checkout the white paper for additional details. Continue reading
Verizon Adds Check Point Security to Virtual Network Services
Verizon customers requested Check Point security.
NeuVector Takes Stab at Securing VMware Container Environment
Company's security focus is on container runtime environments.
ROI is not a cybersecurity concept
In the cybersecurity community, much time is spent trying to speak the language of business, in order to communicate to business leaders our problems. One way we do this is trying to adapt the concept of "return on investment" or "ROI" to explain why they need to spend more money. Stop doing this. It's nonsense. ROI is a concept pushed by vendors in order to justify why you should pay money for their snake oil security products. Don't play the vendor's game.The correct concept is simply "risk analysis". Here's how it works.
List out all the risks. For each risk, calculate:
- How often it occurs.
- How much damage it does.
- How to mitigate it.
- How effective the mitigation is (reduces chance and/or cost).
- How much the mitigation costs.
If you have risk of something that'll happen once-per-day on average, costing $1000 each time, then a mitigation costing $500/day that reduces likelihood to once-per-week is a clear win for investment.
Now, ROI should in theory fit directly into this model. If you are paying $500/day to reduce that risk, I could use ROI to show you hypothetical products that will ...
- ...reduce the remaining risk to once-per-month for an additional $10/day.
- ... Continue reading
Illumio VP: You Shouldn’t Need a Security Ph.D. to Protect Workloads
New security platform features focus on visualization and security policy development.
My Three Favorite New Features in Docker Enterprise Edition
I’ve been at Docker for just over two years now, and I’ve worked with every version of Docker Enterprise Edition (née Docker Datacenter) since before there even was a Docker Enterprise Edition (EE). I’m more excited about this new release than any previous release.
There are several new features that are going to ease the management of your applications (both traditional and cloud-native) wherever you need them to run: the cloud or the data center, virtual or physical, Linux or Windows – and now even IBM Z mainframes.
It would take too long to discuss all of the new features, so with that in mind, I’m going to talk about my three favorite features in Docker EE 17.06.
Hybrid-OS Clusters
Docker and Microsoft introduced support for Windows Server containers last fall. This was a major milestone that helped Docker move towards the goal of embracing apps across the entirety of the data center. With this latest release Docker extends hybrid OS operations even further: IT admins can now build and manage clusters comprised of Linux, Windows Server 2016, and IBM Z mainframes – all from the same management plane. This means you can manage applications comprised of both Windows Continue reading
On ISO standardization of blockchains
So ISO, the primary international standards organization, is seeking to standardize blockchain technologies. On the surface, this seems a reasonable idea, creating a common standard that everyone can interoperate with.But it can be silly idea in practice. I mean, it should not be assumed that this is a good thing to do.
The value of official standards
You don't need the official imprimatur of a government committee for something to be a "standard". The Internet itself is a prime example of that.In the 1980s, the ISO and the IETF (Internet Engineering Task Force) pursued competing standards for creating a world-wide "internet". The IETF was an informal group of technologist that had essentially no official standing.
The ISO version of the Internet failed. Their process was to bring multiple stakeholders from business, government, and universities together in committees to debate competing interests. The result was something so horrible that it could never work in practice.
The IETF succeeded. It consisted of engineers just building things. Rather than officially "standardized", these things were "described", so that others knew enough to build their own version that interoperated. Once lots of different people built interoperating versions of something, then it became a Continue reading
Announcement: IPS code
So after 20 years, IBM is killing off my BlackICE code created in April 1998. So it's time that I rewrite it.BlackICE was the first "inline" intrusion-detection system, aka. an "intrusion prevention system" or IPS. ISS purchased my company in 2001 and replaced their RealSecure engine with it, and later renamed it Proventia. Then IBM purchased ISS in 2006. Now, they are formally canceling the project and moving customers onto Cisco's products, which are based on Snort.
So now is a good time to write a replacement. The reason is that BlackICE worked fundamentally differently than Snort, using protocol analysis rather than pattern-matching. In this way, it worked more like Bro than Snort. The biggest benefit of protocol-analysis is speed, making it many times faster than Snort. The second benefit is better detection ability, as I describe in this post on Heartbleed.
So my plan is to create a new project. I'll be checking in the starter bits into GitHub starting a couple weeks from now. I need to figure out a new name for the project, so I don't have to rip off a name from William Gibson like I did last time :).
Some notes:
- Yes, it'll Continue reading
IoT Security Firm ZingBox Raises $22M in Series B
The company is using machine learning to predict device behavior.
Juniper SVP: Cloud Computing’s Next Wave Unifies Security and Connectivity
Juniper SVP expects its security business to recover by year-end.
Rackspace Brings Encryption to the Cloud
Companies facing EU compliance guidelines will receive a helping hand.
Why that “file-copy” forensics of DNC hack is wrong
People keep asking me about this story about how forensics "experts" have found proof the DNC hack was an inside job, because files were copied at 22-megabytes-per-second, faster than is reasonable for Internet connections.This story is bogus.
Yes, the forensics is correct that at some point, files were copied at 22-mBps. But there's no evidence this was the point at Internet transfer out of the DNC.
One point might from one computer to another within the DNC. Indeed, as someone experienced doing this sort of hack, it's almost certain that at some point, such a copy happened. The computers you are able to hack into are rarely the computers that have the data you want. Instead, you have to copy the data from other computers to the hacked computer, and then exfiltrate the data out of the hacked computer.
Another point might have been from one computer to another within the hacker's own network, after the data was stolen. As a hacker, I can tell you that I frequently do this. Indeed, as this story points out, the timestamps of the file shows that the 22-mBps copy happened months after the hack was detected.
If the 22-mBps was Continue reading
AWS Debuts AI-Powered Cloud Security, Announces 2 Big Customer Wins
AWS’ cloud services and infrastructure give enterprises ‘superpowers.’
Time, Security Cited as Hurdles to Adoption of Containers
Both challenges are seen as boring and basic, but significant for enterprises.
Enterprise Data Center: Why Stop at Software-Defined?
The SDDC is an artificial and temporary stopgap toward the next architectural destination.
CenturyLink to Resell King & Union’s Security Collaboration Platform
It’s like Slack for security teams, but with a built-in data store, graphing, threat visualization, and automation.
Query name minimization
One new thing you need to add your DNS security policies is "query name minimizations" (RFC 7816). I thought I'd mention it since many haven't heard about it.Right now, when DNS resolvers lookup a name like "www.example.com.", they send the entire name to the root server (like a.root-servers.net.). When it gets back the answer to the .com DNS server a.gtld-servers.net), it then resends the full "www.example.com" query to that server.
This is obviously unnecessary. The first query should be just .com. to the root server, then example.com. to the next server -- the minimal amount needed for each query, not the full query.
The reason this is important is that everyone is listening in on root name server queries. Universities and independent researchers do this to maintain the DNS system, and to track malware. Security companies do this also to track malware, bots, command-and-control channels, and so forth. The world's biggest spy agencies do this in order just to spy on people. Minimizing your queries prevents them from spying on you.
An example where this is important is that story of lookups from AlfaBank in Continue reading