Shape boasts that it protects more accounts from fraud than everyone else combined. Its customers...
“How do I enable GitOps for my network security policies?” This is a common question we hear from security teams. Getting started with Kubernetes is relatively simple, but moving production workloads to Kubernetes requires alignment from all stakeholders – developers, platform engineering, network engineering, and security.
Most security teams already have a high-level security blueprint for their data centers. The challenge is in implementing that in the context of a Kubernetes cluster and workload security. Network policy is a key element of Kubernetes security. Network policy is expressed as a YAML configuration and works very well with GitOps.
We will do a three-part blog series covering GitOps for network security policies. In part one (this part), we cover the overview and getting started with a working example tutorial. In part two, we will extend the tutorial to cover an enterprise-wide decentralized security architecture. In the final part, we will delve into policy assurance with examples.
Note that all policies in Calico Enterprise (network security policy, RBAC, threat detection, logging configuration, etc.) are enforced as YAML configuration files, and can be enforced via a GitOps practice.
By adopting GitOps, security teams benefit in the following ways:
Those receiving SD-WAN gifts include Hughes Networks, Braskem, and Impulse Advanced...
In April 2019 the Internet Society’s Online Trust Alliance released its 10th annual Online Trust Audit & Honor Roll. The Audit looks at the security and privacy practices of over 1,000 of the top sites in various sectors. The news and media sector, comprised of the top 100 news and media sites according to US traffic to their websites, improved its privacy practices in 2018. Like most sites, however, there is still room for improvement in privacy statements.
In 2017, less than half (48%) of news and media sites made the Honor Roll. In 2018 that number went up significantly to 78%, largely due to improvements in privacy statements. Privacy is scored in two ways in the Audit: we look at trackers on each site and we score the privacy statements across over 30 criteria.
One area where news sites did not improve was in the use of trackers on their sites. Out of all the sectors, news and media scored the lowest in trackers, with a score of 39 (out of 45). Part of the reason for this is that the news and media sector relies on advertising revenue, which often requires the use of trackers to serve ads.
Google Cloud made some big moves in 2019, but will they be enough to best top-ranked Amazon and...
Host-based segmentation is more effective at protecting data centers and clouds against lateral...
Late last month Cisco announced it had 20,000 SD-WAN customers spread across its Viptela and...
The chipmaker issued a patch for the vulnerability, which could allow attackers to change...
Hear from Corsa's Eduardo Cervantes and his thoughts on security, the data explosion, and why...
Palo Alto Networks and Google Cloud pledged to jointly develop a new multi-cloud security framework...
Gartner expects the slow down in WAN edge spending to be offset somewhat by increasing bandwidth...
In this blog post, CA Technologies will discuss five benefits that you can derive out of your...
The platform includes Atlassian-operated compute and storage, a declarative UI language that allows...
Organizations are rapidly moving more and more mission-critical applications to Kubernetes (K8s) and the cloud to reduce costs, achieve faster deployment times, and improve operational efficiencies, but are struggling to achieve a strong security posture because of their inability to apply conventional security practices in the cloud environment. Commitment to cloud security grows, but security safeguards are not keeping up with the increased use of the various cloud platforms. Regardless of the cloud provider or service model, individual organizations are ultimately responsible for the security of their data.
According to a 2019 Ponemon Institute Global Cloud Data Security Study, 70 percent of respondents find it more complex to manage privacy and data protection regulations in a cloud environment than on-premises. Meanwhile, the percent of corporate data stored in the cloud environment has grown from an average of 30 percent in 2015 to an average of 48 percent in 2019. In the same study, 56 percent of respondents say the use of cloud resources increases compliance risk.
The downside associated with a security breach is severe for any organization, but especially so for companies in regulated environments like financial services, healthcare and telecommunications. Now there’s a new and highly effective way...
SASE is emerging in response to the needs of today’s digital business. The digital business is...
CyberSponse's feature set will further extend the automation and incident response capabilities of...
With the blessing of German authorities, all three of the country's leading operators decided to...
This week another Radiant Award has been awarded by the Internet Security Research Group, the folks behind Let’s Encrypt. The award puts the limelight on the heroes who make the Internet more secure and trustworthy each day.
The newest Radiant Award winner is Claudio Jeker, who receives the prize for his work on a BGP4 implementation on OpenBSD. This makes me horrendously enthusiastic. Why?
OpenBSD is an open-software based operating system that is focused on being secure and feature complete. It comes with a set of tools that make it ideally suited to be deployed, for instance, as a secure route server in an Internet Exchange Point (IXP). A route server is a service that an IXP can host in order to make the participating network service providers' lives a little easier. They do not have to get the routing information from each other, but can simply talk to this piece of centralized infrastructure. OpenBSD allows this type of infrastructure to be built from commodity components in a scalable and secure way.
With a route server in place, an IXP can take additional measures to secure the Internet, namely by taking the MANRS actions.
Ultimately this would not be...
The alliance also makes Microsoft’s Azure NTT’s preferred cloud platform for modernizing its...