Will Cloud Security Expansion Lift Symantec Back Into the Black?
After a disappointing first quarter Symantec needs these cloud security updates to boost its bottom line and clout with enterprise customers.
Microsoft Boosts Government Cloud Support as JEDI Looms
The company currently supports 50 services at the FedRAMP Moderate level with plans to push that to the FedRAMP High level by year-end.
Google Won’t Compete for Pentagon’s $10B JEDI Cloud Deal
Google on Monday also said it would shut down its Google+ social network after a vulnerability exposed the personal data of approximately 500,000 users.
Setting the Record Straight on Multi-Cloud Security
Before deploying a multi-cloud strategy, there are four myths about multi-cloud security that need debunking.
CloudHealth Founder Talks VMware Acquisition, Cloud’s Next Phase
CloudHealth CTO and co-founder Joe Kinsella says VMware plans to target managed service providers with its new multi-cloud management product line.
Leave your VPN and cURL secure APIs with Cloudflare Access
We built Access to solve a problem here at Cloudflare: our VPN. Our team members hated the slowness and inconvenience of VPN but, that wasn’t the issue we needed to solve. The security risks posed by a VPN required a better solution.
VPNs punch holes in the network perimeter. Once inside, individuals can access everything. This can include critically sensitive content like private keys, cryptographic salts, and log files. Cloudflare is a security company; this situation was unacceptable. We need a better method that gives every application control over precisely who is allowed to reach it.
Access meets that need. We started by moving our browser-based applications behind Access. Team members could connect to applications faster, from anywhere, while we improved the security of the entire organization. However, we weren’t yet ready to turn off our VPN as some tasks are better done through a command line. We cannot #EndTheVPN without replacing all of its use cases. Reaching a server from the command line required us to fall back to our VPN.
Today, we’re releasing a beta command line tool to help your team, and ours. Before we started using this feature at Cloudflare, curling a server required me to Continue reading
Bloomberg China Chip-Hack Controversy Highlights Fake News, National Security Fears
By now the story and resulting controversy is as much about media credibility as it is about cyber — and national — security.
Gravitational Draws Kubernetes Into Its Secure Credential Sphere
The update allows for the management of glass of credentials using both Kubernetes and secure socket shell for multiple infrastructure environments.
The Why of Security
Security is a field of questions. We find ourselves asking
all kinds of them all the time. Who is trying to get into my network? What are
they using? How can I stop them? But I feel that the most important question is
the one we ask the least. And the answer to that question provides the
motivation to really fix problems as well as conserving the effort necessary to
do so.
The Why’s Old Sage
If you’re someone with kids, imagine a conversation like
this one for a moment:
Your child runs into the kitchen with a lit torch in their hands and asks “Hey, where do we keep the gasoline?”
Now, some of you are probably laughing. And some of you are
probably imagining all kinds of crazy going on here. But I’m sure that most of
you probably started asking a lot of questions like:
- – Why does my child have a lit torch in the house?
- – Why do they want to know where the gasoline is?
- – Why do they want to put these two things together?
- – Why am I not stopping this right now?
Usually, the rest of the Five Ws follow Continue reading
Nation-States Attack MSP Networks, DHS Security Alert Warns
Managed service providers' customers — especially IT, energy, healthcare, communications, and manufacturing companies — are the end target for these attacks.
Are you ready? How to prepare for the DNSSEC Root KSK Rollover on October 11, 2018
Are you ready? Are your systems prepared so that DNS will keep functioning for your networks? One week from today, on Thursday, October 11, 2018, at 16:00 UTC ICANN will change the cryptographic key that is at the center of the DNS security system – what we call DNSSEC. The current key has been in place since July 15, 2010. This is a long-planned replacement.
If everything goes fine, you should not notice and your systems will all work as normal. However, if your DNS resolvers are not ready to use the new key, your users may not be able to reach many websites, send email, use social media or engage in other Internet activities!
This change of this central security key for DNS is known as the “Root Key Signing Key (KSK) Rollover”. It has been in discussion and planning since 2013. We’ve written many articles about it and spoken about it at many conferences, as have many others in the industry. ICANN has a page with many links and articles at:
But here we are, with only a few days left and you may be wondering – how can I know if my systems Continue reading
Notes on the Bloomberg Supermicro supply chain hack story
Bloomberg has a story how Chinese intelligence inserted secret chips into servers bound for America. There are a couple issues with the story I wanted to address.The story is based on anonymous sources, and not even good anonymous sources. An example is this attribution:
a person briefed on evidence gathered during the probe saysThat means somebody not even involved, but somebody who heard a rumor. It also doesn't the person even had sufficient expertise to understand what they were being briefed about.
The technical detail that's missing from the story is that the supply chain is already messed up with fake chips rather than malicious chips. Reputable vendors spend a lot of time ensuring quality, reliability, tolerances, ability to withstand harsh environments, and so on. Even the simplest of chips can command a price premium when they are well made.
What happens is that other companies make clones that are cheaper and lower quality. They are just good enough to pass testing, but fail in the real world. They may not even be completely fake chips. They may be bad chips the original manufacturer discarded, or chips the night shift at the factory secretly ran through on the Continue reading
National Cybersecurity Awareness Month = International IoT Security and Privacy Month
October is National Cybersecurity Awareness Month, and as part of our work with the Online Trust Alliance and our Internet of Things (IoT) campaign, we think October also deserves another label… International IoT Security and Privacy Month. There are a number of significant activities and developments related to security and privacy. Here are a few highlights of what’s happening, how we are participating, and how you can get involved.
- The “How to Make Trustworthy #IoT” Workshop – (Oct. 8) This year’s Internet Society Chapterthon is focused on IoT, and we are excited to see how all 43 participating Chapters raise awareness of the privacy and security issues surrounding IoT. On Monday, 8 October, Jeff Wilbur and Megan Kruse from the Online Trust Alliance be in New York City with the Internet Society New York Chapter (ISOC-NY) and IoTNation holding a workshop on ‘How to Make Trustworthy IoT’ – an IoT Privacy & Security Workshop. If you’ll be in New York City on Monday, please consider registering for the event, or watching the livestream starting at 2PM.
- Comments due for NIST Internal Report (NISTIR) 8228: Considerations for Managing IoT Cybersecurity and Privacy Risks – (Oct. 24) The report by Continue reading
China Hacked Supermicro Servers to Spy on Amazon, Microsoft, Report Says
A former U.S. intelligent official said that data center server provider Supermicro was the "Microsoft of the hardware world" and that attacking Supermicro motherboards was "like attacking the whole world.”
SD-WAN vs. Next-Gen Firewalls: Chicken or the Egg?
At the SD-WAN Summit 2018 in Paris, one of the more contentious debates was which will come first: next-generation firewall or new SD-WAN capabilities?
Announcing Firewall Rules
Threat landscapes change every second. As attackers evolve, becoming more dynamic and devious, vulnerabilities materialize faster than engineers can patch their applications. Part of Cloudflare’s mission is to keep you and your applications safe. Today, Cloudflare is launching a new feature, giving customers what they have been requesting - fine-grained control over their incoming requests.
Cloudflare already offers a number of powerful firewall tools such as IP rules, CIDR rules, ASN rules, country rules, HTTP user-agent blocking, Zone Lockdown (for these URIs only allow traffic from those IPs), and our comprehensive managed rules within our WAF (Web Application Firewall). But sometimes, you need to combine the power of these to fully mitigate an attack, and to express a block rule that breaks the boundaries of the existing tools, to be able to “block traffic to this URI when the request comes from that IP and the user-agent matches one of these”.
Flexibility and Control
© Stefano Kocka : Source Wikipedia
Common themes arose when we spoke to customers about their needs and also reviewed feature requests that our customer support team had seen, and we categorised the top pieces of feedback and feature requests into three core needs:
- More flexibility Continue reading
Palo Alto Networks Pays $173M for Cloud Security Startup RedLock
Palo Alto Networks plans to combine technologies from RedLock and Evident, another recent acquisition, into one product that provides cloud security analytics, advanced threat detection, continuous security, and compliance monitoring.
Cisco’s David Ulevitch Leaves to Join a VC Firm
David Ulevitch, who was once in charge of Cisco’s security business, is leaving to become a general partner at Andreesson Horowitz.
Cloudflare Access: Sharing our single-sign on plugin for Atlassian
Here at Cloudflare, we rely on a set of productivity tools built by Atlassian, including Jira and Confluence. We secure them with Cloudflare Access. In the past, when our team members wanted to reach those applications, they first logged in with our identity provider credentials to pass Access. They then broke out a second set of credentials, specific to Atlassian tools, to reach Jira. The flow is inconvenient on a desktop and downright painful on a mobile device.
While Access can determine who should be able to reach an application, the product alone cannot decide what the user should be able to do once they arrive at the destination. The application sets those specific permissions, typically by requiring another set of user credentials. The extra step slows down and frustrates end users. Access saves time by replacing a cumbersome VPN login. However, we wanted to also solve the SSO problem for our team.
We created a plugin, specific to Atlassian, that could take identity data from the token generated by Access and map it to a user account. Our team members log in with our identity provider to pass Access, and then Access could set their user permissions in Jira Continue reading
Cohesity Targets Service Providers With Multi-Tenant Platform
The software-defined platform runs on top of Cohesity, Cisco, HPE, or Dell EMC hyperconverged secondary storage appliances.