Juniper Networks’ Security Acceleration Card Targets 5G Firewall Performance
The new service processing card can provide up to an 11-fold performance boost to Juniper’s SRX5000 line of firewalls compared to the earlier version, the company claims.
Gigamon Acquires SaaS Security Startup For Network Analytics
Gigamon has acquired Icebrg, a security startup that collects and analyzes network metadata to detect attacks and help security teams investigate incidents. Icebrg uses on-premises sensors to collect packet metadata from switches and routers, and then sends that data to its cloud platform. Customers then access the data from a portal for analysis and investigation. […]Evolute Container Migration Platform Slices Enterprise Complexity
The automated migration process carves out only the assets needed to operate the application in a container environment.
Deep Packet Inspection: Enable Advanced SD-WAN Analytics and Security Features
Learn how DPI enables advanced SD-WAN analytics and security features.
Oracle Security Makeover Highlights CASB, Identity Automation
The company calls its new security framework Trust Fabric and says it can help companies predict, prevent, and respond to threats using integrated technologies and automation.
Symantec to Cut Global Workforce Amid Declining Enterprise Security Sales
The layoffs will target about 900 employees and are part of a larger restructuring plan to save about $115 million annually.
Cisco and the Two-Factor Two-Step
In case you missed the news, Cisco announced yesterday that they are buying Duo Security. This is a great move on Cisco’s part. They need to beef up their security portfolio to compete against not only Palo Alto Networks but also against all the up-and-coming startups that are trying to solve problems that are largely being ignored by large enterprise security vendors. But how does an authentication vendor help Cisco?
Who Are You?
The world relies on passwords to run. Banks, email, and even your mobile device has some kind of passcode. We memorize them, write them down, or sometimes just use a password manager (like 1Password) to keep them safe. But passwords can be guessed. Trivial passwords are especially vulnerable. And when you factor in things like rainbow tables, it gets even scarier.
The most secure systems require you to have some additional form of authentication. You may have heard this termed as Two Factor Authentication (2FA). 2FA makes sure that no one is just going to be able to guess your password. The most commonly accepted forms of multi-factor authentication are:
- Something You Know – Password, PIN, etc
- Something You Have – Credit Card, Auth token, Continue reading
Fortinet CEO Cites 7-Figure SD-WAN Win on Q2 2018 Earnings Call
The security company’s impressive growth results boosted its stock and put it on track to beat its previous closing high.
Cisco Buys Duo Security for $2.35 Billion
Acquiring the two-factor authentication startup boosts Cisco’s cloud security portfolio and its intent-based networking strategy.
GSMA Announces Latest Event Updates for 2018 Mobile World Congress Americas, in Partnership with CTIA
The GSMA announced several additions to the Mobile World Congress Americas event line-up, including new speakers in the conference program, additional participating companies and exhibition experiences, and new programs and events.
Awake Security CEO Jumped Ship at Cylance to Build a New Unicorn
Rahul Kashyap joins Awake from endpoint security company Cylance and says while endpoint has seen all the action over the past couple of years, “the network is where the opportunity lies.”
Research; HTTPS Interceptions
I have written elsewhere about the problems with the “little green lock” shown by browsers to indicate a web page (or site) is secure. In that article, I considered the problem of freely available certificates, and a hole in the way browsers load pages. In March of 2017, another paper was published documenting another problem with the “green lock” paradigm—the impact of HTTPS interception. In theory, a successful HTTPS session means the session between host and the server has been encrypted, which means no third party can read the contents of the packets passing between the two.
This works, modulo the trustworthiness of the certificates involved in encrypting the traffic, so long as there is no-one in the middle of the connection encrypting packets from the receiver, and re-encrypting them towards the transmitter. This “man in the middle,” or MITM, can read the contents of all the packets in the exchange, even though the data is encrypted on transmit. Surely such MITM situations are rare, right?
Right.
The researchers in this paper set out to discover just how often HTTPS (LTS) sessions are terminated and re-encrypted by some device or piece of software in the middle. To discover how often Continue reading
Some changes in how libpcap works you should know
I thought I'd document the solution to this problem I had.The API libpcap is the standard cross-platform way of sniffing packets off the network. It works on Windows (winpcap), macOS, and all the Unixes. It's better than simply opening a "raw socket" on Unix platforms because it takes advantage of higher performance capabilities of the system, including specialized sniffing hardware.
Traditionally, you'd open an adapter with pcap_open(), whose function parameters set options like snap length, promiscuous mode, and timeouts.
However, in newer versions of the API, what you should do instead is call pcap_create(), then set the options individually with calls to functions like pcap_set_timeout(), then once you are ready to start capturing, call pcap_activate().
I mention this in relation to "TPACKET" and pcap_set_immediate_mode().
Over the years, Linux has been adding a "ring buffer" mode to packet capture. This is a trick where a packet buffer is memory mapped between user-space and kernel-space. It allows a packet-sniffer to pull packets out of the driver without the overhead of extra copies or system calls that cause a user-kernel space transition. This has gone through several generations.
One of the latest generations causes the pcap_next() function Continue reading
Imperva Acquires Application Security Vendor Prevoty for $140M
Prevoty’s product uses runtime application self-protection (RASP), an emerging security technology that is built into an application and can detect and respond to attacks in real time.
Q2 FY 18 Product Releases, for a better Internet “end-to-end”
Photo by Liu Zai Hou / Unsplash
In Q2, Cloudflare released several products which enable a better Internet “end-to-end” — from the mobile client to host infrastructure. Now, anyone from an individual developer to large companies and governments, can control, secure, and accelerate their applications from the “perimeter” back to the “host.”
On the client side, Cloudflare’s Mobile SDK extends control directly into your mobile apps, providing visibility into application performance and load times across any global carrier network.
On the host side, Cloudflare Workers lets companies move workloads from their host to the Cloudflare Network, reducing infrastructure costs and speeding up the user experience. Argo Tunnel lets you securely connect your host directly to a Cloudflare data center. If your host infrastructure is running other TCP services besides HTTP(S), you can now protect it with Cloudflare’s DDoS protection using Spectrum.
So for end-to-end control that is easy and fast to deploy, these recent products are all incredible “workers” across the “spectrum” of your needs.
But there’s more to the story
End users want richer experiences, such as more video, interactivity, and images. Meeting those needs can incur real costs in bandwidth, hardware, and time. Cloudflare addresses these with Continue reading
Nation-States, Criminals Increasing Attacks on ERP Systems, DHS Warns
Threat researchers found a rise in attacks on widely-used enterprise resource planning (ERP) applications such as SAP and Oracle, which currently have a combined 9,000 known security vulnerabilities.
Tenable Could Raise $288M, Making It Largest Security IPO in 5 Years
While it’s not the first security firm to go public this year — Zscaler and Carbon Black also completed successful IPOs — at $288 million it would be the most profitable.
The Road to QUIC
QUIC (Quick UDP Internet Connections) is a new encrypted-by-default Internet transport protocol, that provides a number of improvements designed to accelerate HTTP traffic as well as make it more secure, with the intended goal of eventually replacing TCP and TLS on the web. In this blog post we are going to outline some of the key features of QUIC and how they benefit the web, and also some of the challenges of supporting this radical new protocol.
There are in fact two protocols that share the same name: “Google QUIC” (“gQUIC” for short), is the original protocol that was designed by Google engineers several years ago, which, after years of experimentation, has now been adopted by the IETF (Internet Engineering Task Force) for standardization.
“IETF QUIC” (just “QUIC” from now on) has already diverged from gQUIC quite significantly such that it can be considered a separate protocol. From the wire format of the packets, to the handshake and the mapping of HTTP, QUIC has improved the original gQUIC design thanks to open collaboration from many organizations and individuals, with the shared goal of making the Internet faster and more secure.
So, what are the improvements QUIC provides?