Cybersecurity, Cloud and AI: Top-of-mind themes heading into 2024

Recently I had the opportunity to host a group of forward-thinking CISOs, CIOs and other executive decision makers drawn from several enterprise organizations in the United States. The goal was to frame perspectives on trends and priorities emerging within their respective organizations while co-relating to broader industry trends.  Specifically, the intent here was not to x-ray the requirements of any single organization, but rather to identify, detect and understand patterns that could, in turn guide priorities over the next few years, benefiting the broader community. The discussions unearthed a lot of commonality in terms of shared pain points and higher order goals, and I thank the leaders that participated in the exercise, as well as the talented members of my team that came together to create a successful forum for discussion.

This multi-part blog series will summarize prominent patterns and insights that emerged from these sessions, that would hopefully serve as guideposts for the next 12-24 months, mostly in the areas of security, cloud infrastructure and deployment models.

Over a few sessions, broadly we had the cohort dive engage along three axis –

  1. The first was to really examine their top pain points. Issues, that if solved, would help Continue reading

Debian on IPng’s VPP Routers

Debian

Introduction

When IPng Networks first built out a european network, I was running the Disaggregated Network Operating System [ref], initially based on AT&T’s “dNOS” software framework. Over time though, the DANOS project slowed down, and the developers with whom I had a pretty good relationship all left for greener pastures.

In 2019, Pierre Pfister (and several others) built a VPP router sandbox [ref], which graduated into a feature called the Linux Control Plane plugin [ref]. Lots of folks put in an effort for the Linux Control Plane, notably Neale Ranns from Cisco (these days Graphiant), and Matt Smith and Jon Loeliger from Netgate (who ship this as TNSR [ref], check it out!). I helped as well, by adding a bunch of Netlink handling and VPP->Linux synchronization code, which I’ve written about a bunch on this blog in the 2021 VPP development series [ref].

At the time, Ubuntu and CentOS were the supported platforms, so I installed a bunch of Ubuntu machines when doing the deploy with my buddy Fred from IP-Max [ref]. But as time went by, I fell back to my old habit of running Debian Continue reading

Worth Reading: The AI Supply Paradox

Eric Hoel published a spot-on analysis of AI disruptiveness, including this gem:

The easier it is to train an AI to do something, the less economically valuable that thing is. After all, the huge supply of the thing is how the AI got so good in the first place.

TL&DR: AI can easily disrupt things that are easy to generate and thus have little value. Seeing investors trying to recoup the billions pouring into the latest fad will be fun.

Worth Reading: The AI Supply Paradox

Eric Hoel published a spot-on analysis of AI disruptiveness, including this gem:

The easier it is to train an AI to do something, the less economically valuable that thing is. After all, the huge supply of the thing is how the AI got so good in the first place.

TL&DR: AI can easily disrupt things that are easy to generate and thus have little value. Seeing investors trying to recoup the billions pouring into the latest fad will be fun.

Weekend Reads 121523


NTT Data has opened a hotel at which it plans to watch people sleep, as part of a plan to gather – and of course sell – data about the snoozing habits of ten million people.


Business and technical leaders should prepare to focus on memory safety in software development, the US Cybersecurity and Infrastructure Agency (CISA) urged on Wednesday.


A proposed fork of the OpenPGP standard, called “LibrePGP” and initiated by GnuPG’s maintainer Werner Koch, has made a series of statements on its own website1 in order to justify its existence.


Cisco has quietly introduced changes to the licensing model for its Catalyst range, and will bring it to more products over time.


ICANN’s response to the European Union’s Network and Information Security Directive (NIS2) is a litmus test on whether its policy processes can address the needs of all stakeholders, instead of only satisfying the needs of the domain industry.


One of the joys of operational privacy professionals is getting that random, Friday afternoon Slack from someone on the product team asking, “Can we [insert questionable action] with our customer data?”


Lackluster security controls in one of Google’s cloud services for data scientists could allow hackers to Continue reading

HN714: Building The Branch Of The Future With SASE Powered By AI (Sponsored)

SD-WAN is evolving to encompass more features and capabilities around security, application performance, network visibility, and more. On today’s Heavy Networking, sponsored by Palo Alto Networks, we look at how SD-WAN has transformed from a simple network connectivity solution to a comprehensive networking and security system. We discuss the limitations of legacy branch routers and... Read more »

HN714: Building The Branch Of The Future With SASE Powered By AI (Sponsored)

SD-WAN and SASE are evolving to encompass more features and capabilities around security, application performance, network visibility, and more. On today's Heavy Networking, sponsored by Palo Alto Networks, we look at how AI is transforming SD-WAN and SASE to help build the branch of the future.

The post HN714: Building The Branch Of The Future With SASE Powered By AI (Sponsored) appeared first on Packet Pushers.

D2C225: Security KubeConversations Part 2 – Cloud-Native Security Challenges

This is part two of a special edition of Day Two Cloud with conversations recorded at KubeCon 2023 in Chicago. These conversations cover the state of cloud-native security, getting a holistic view of your cloud-native environment, security challenges for Kubernetes, and the state of the software supply chain.

The post D2C225: Security KubeConversations Part 2 – Cloud-Native Security Challenges appeared first on Packet Pushers.

Conditional Git Configuration

Building on the earlier article on automatically transforming Git URLs, I’m back with another article on a (potentially powerful) feature of Git—the ability to conditionally include Git configuration files. This means you can configure Git to be configured (and behave) differently based on certain conditions, simply by including or not including Git configuration files. Let’s look at a pretty straightforward example taken from my own workflow.

Here’s a configuration stanza from my own system-wide Git configuration:

[includeIf "gitdir:~/Work/Code/Repos/"]
    path = ~/Work/Code/Repos/.gitconfig

The key here is the includeIf keyword. In this case, Git will include the referenced configuration file specified by path, if the location of the Git repository matches the path specification after gitdir. Basically, what this means is that all repositories under ~/Work/Code/Repos will trigger the inclusion of the additional configuration file.

Here’s the additional configuration file:

[user]
    email = name@work-domain.com
    name = Scott Lowe
[commit]
    gpgsign = false

As long as I group all work-relatd repositories in the specified directory path, these values override the system-wide values. This means I can specify my work e-mail address as the e-mail Continue reading

Optimizing NSX Performance Based on Workload and ROI

Optimizing NSX Performance Based on Workload

Overview

Performance tuning, in general, requires a holistic view of the application traffic profiles, features leveraged and the criteria for performance from the application perspective. In this blog, we will take a look at some of the factors to consider when optimizing NSX for performance.

Applications

In a typical data center, applications may have different requirements based on their traffic profile. Some applications such as backup services, log files and certain types of web traffic etc., may be able to leverage all the available bandwidth. These long traffic flows with large packets are called elephant flows. These applications with elephant flows, in general, are not sensitive to latency. 

In contrast, in-memory databases, message queuing services such as Kafka, and certain Telco applications may be sensitive to latency. These traffic flows, which are short lived and use smaller packets are generally called mice flows. Applications with mice flows are not generally bandwidth hungry.

While in general, virtual datacenters may be running a mixed set of workloads which should run as is without much tuning, there may be instances where one may have to tune to optimize performance for specific applications. For example, applications Continue reading

KU043: How (& Why) To Contribute To The Kubernetes Release Team

Cloud engineer Leonard Pahlke talks about his experience over six terms on the Kubernetes release team. He discusses his journey from discovering Kubernetes during his bachelor’s program to joining the release team and moving through various roles. He emphasizes the importance of community involvement, the welcoming nature of open source and cloud native fields, and... Read more »

KU043: How (& Why) To Contribute To The Kubernetes Release Team

Cloud engineer Leonard Pahlke talks about his experience over six terms on the Kubernetes release team, from joining to moving through various roles. He emphasizes the importance of community involvement, the welcoming nature of open source and cloud native fields, and the diverse opportunities for contribution.

The post KU043: How (& Why) To Contribute To The Kubernetes Release Team appeared first on Packet Pushers.

IPB141: IPv6 End Of Year Wrap-Up 

In this episode Ed, Scott, and Tom talk about 2023 and what stood out to us as important for IPv6. Topics discussed include: Overall levels of IPv6 adoption IPv6 security in 2023 IETF efforts with IPv6 IPv6-only in the enterprise Thanks for listening! Show Links: IPv6 Deployment Status (RFC 9386), April 2023 – RFC Editor Four... Read more »
1 168 169 170 171 172 3,825