Security that’s Designed for the Modern Data Center

The last 12 months have been incredibly exciting for the security business at VMware. Last year at RSA Conference 2019, VMware CEO Pat Gelsinger outlined our Intrinsic Security strategy in his keynote presentation, “3 Things the Security Industry Isn’t Talking About”. We also announced the VMware Service-defined Firewall, a stateful Layer 7 data center firewall. As pioneers of micro-segmentation, the Service-defined Firewall extended our leadership in protecting east-west traffic in the data center.

Later in the year, we announced two major acquisitions –Avi Networks and Carbon Black. The acquisition of Carbon Black brought to VMware an industry-leading endpoint security platform, and made the entire industry take notice of VMware’s intentions to transform security. With Avi Networks, we acquired a software-defined, elastic, and high-performance load balancer that comes equipped with a full-featured web application firewall (WAF). Maintaining the momentum in building out our security portfolio for the digital enterprise, we announced the VMware NSX Distributed Intrusion Detection and Prevention System which will bring advanced threat controls to the Service-defined Firewall.

At RSA Conference 2020, we are introducing VMware Advanced Security for Cloud Foundation, a modern data center security solution for today’s private and public clouds. This solution will include VMware Carbon Continue reading

Pragmatic EVPN Designs

While running the Using VXLAN And EVPN To Build Active-Active Data Centers workshop in early December 2019 I got the usual set of questions about using BGP as the underlay routing protocol in EVPN fabrics, and the various convoluted designs like IBGP-over-EBGP or EBGP-between-loopbacks over directly-connected-EBGP that some vendors love so much.

I got a question along the same lines from one of the readers of my latest EPVN rant who described how convoluted it is to implement the design he’d like to use with the gear he has (I won’t name any vendor because hazardous chemical substances get mentioned when I do).

Read more ...

Juniper bolsters wireless security; fights against encrypted malicious threats

Juniper is filling out its enterprise security portfolio this week by integrating support for its Mist wireless customers and adding the capability for customers to gain better visibility and control over encrypted traffic threats.With the new additions, Juniper is looking to buttress its ability to let users secure all traffic traversing the enterprise network via campus, WAN or data center. The moves are part of Juniper's grand Connected Security platform that includes a variety of security products including its next-generation firewalls that promise to protect networked resources across infrastructure and endpoints.To read this article in full, please click here

Cisco goes to the cloud with broad enterprise security service

Cisco has unveiled a cloud-based security platform it says will go a long way in helping customers protect their far-flung networked resources.Cisco describes the new SecureX service as offering  an open, cloud-native system that will let customers detect and remediate threats across Cisco and third-party products from a single interface. IT security teams can then automate and orchestrate security management across enterprise cloud, network and applications and end points.Network pros react to new Cisco certification curriculum “Until now, security has largely been piecemeal with companies introducing new point products into their environments to address every new threat category that arises,” wrote Gee Rittenhouse senior vice president and general manager of Cisco’s Security Business Group in a blog about SecureX.To read this article in full, please click here

Juniper bolsters wireless security; fights against encrypted malicious threats

Juniper is filling out its enterprise security portfolio this week by integrating support for its Mist wireless customers and adding the capability for customers to gain better visibility and control over encrypted traffic threats.With the new additions, Juniper is looking to buttress its ability to let users secure all traffic traversing the enterprise network via campus, WAN or data center. The moves are part of Juniper's grand Connected Security platform that includes a variety of security products including its next-generation firewalls that promise to protect networked resources across infrastructure and endpoints.To read this article in full, please click here

Cisco goes to the cloud with broad enterprise security service

Cisco has unveiled a cloud-based security platform it says will go a long way in helping customers protect their far-flung networked resources.Cisco describes the new SecureX service as offering  an open, cloud-native system that will let customers detect and remediate threats across Cisco and third-party products from a single interface. IT security teams can then automate and orchestrate security management across enterprise cloud, network and applications and end points.Network pros react to new Cisco certification curriculum “Until now, security has largely been piecemeal with companies introducing new point products into their environments to address every new threat category that arises,” wrote Gee Rittenhouse senior vice president and general manager of Cisco’s Security Business Group in a blog about SecureX.To read this article in full, please click here

Fortinet Forges FortiAI Security Service

The service utilizes a "self-learning" deep neural network to automate rote security tasks to...

Read More »

© SDxCentral, LLC. Use of this feed is limited to personal, non-commercial use and is governed by SDxCentral's Terms of Use (https://www.sdxcentral.com/legal/terms-of-service/). Publishing this feed for public or commercial use and/or misrepresentation by a third party is prohibited.

Train to become a skilled Python coder for just $50

Python is one of the most widely used coding languages in the world. And, good news, it isn’t very difficult to learn — especially for those experienced using other platforms. If you want an introduction to the language, but would rather avoid a traditional college education, then give The Complete 2020 Python Programming Certification Bundle a try.To read this article in full, please click here

Daily Roundup: Cisco SecureX All-In on Cloud Native

Cisco went all-in on cloud-native security with SecureX; AT&T joined Open Cybersecurity...

Read More »

© SDxCentral, LLC. Use of this feed is limited to personal, non-commercial use and is governed by SDxCentral's Terms of Use (https://www.sdxcentral.com/legal/terms-of-service/). Publishing this feed for public or commercial use and/or misrepresentation by a third party is prohibited.

Seamless remote work with Cloudflare Access

Seamless remote work with Cloudflare Access

The novel coronavirus is actively changing how organizations work in real-time. According to Fortune, the virus has led to the “world’s largest work-from-home experiment.” As the epidemic crosses borders, employees are staying home and putting new stress on how companies manage remote work.

This is only accelerating an existing trend, however. Remote work has gained real traction in the last decade and Gartner projects that it will only continue. However, teams which are moving to a distributed model tend to do so slowly. When those timelines are accelerated, IT and security administrators need to be able to help their workforce respond without disrupting their team members.

Cloudflare Access can help teams migrate to a model that makes it seamless for users to work from any location, or any device, without the need for lengthy migrations or onboarding sessions. Cloudflare Access can be deployed in less than one hour and bring SaaS-like convenience and speed to the self-hosted applications that previously lived behind a VPN.

Leaving the castle-and-moat

When users share a physical space, working on a private network is easy. Users do not need clunky VPN clients to connect to the resources they need. Team members physically sit close Continue reading

Topology matters: how port-per-workload management strategies no longer hold up

In the beginning, there were switches. And connected to these switches were servers, routers and other pieces of gear. These devices ran one application, or at a stretch, multiple applications on the same operating system and thus IP stack. It was very much one-server-per-port; the SQL Server was always on port 0/8, and shutting down port 0/8 would affect only that machine.

This is no longer true, as network engineers well know. Physical hardware no longer dictates what, where, and how servers and other workloads exist. Cloud computing, multi-tenant virtual infrastructures and dynamically reallocated virtual resources mean that one port can cover 20 or 200 servers. Conversely, link aggregation and other forms of port density protocols mean that one server can have fault-tolerant aggregated links across one, five or 50 ports.

A new way of looking at switching—as a logical, rather than physical, topology—is required. In this view, switches aren’t so much pieces of the network architecture themselves, but simply ports that can be used to set up much more complex logical links. This article will focus on two main concepts: routing protocols (to allow better utilization of underutilized switching links) and switching protocols such as STP (those used to Continue reading

Tech Bytes: Getting A Full-Fidelity View Of Network Security With Riverbed (Sponsored)

On today's Tech Bytes we discuss the essential role that visibility plays in network security. Riverbed is our sponsor. We explore how Riverbed brings together logs, flow records, and packet capture to provide a full-fidelity view from multiple angles to help you respond to analyze security events. Our guests are Marco Di Benedetto, SVP and CTO; and Vincent Berk, VP and Chief Architect for Security at Riverbed.

The post Tech Bytes: Getting A Full-Fidelity View Of Network Security With Riverbed (Sponsored) appeared first on Packet Pushers.

Verizon Warns of Rising Enterprise Mobile Security Risk

The operator’s third annual survey on mobile security concluded that 43% of respondents believe...

Read More »

© SDxCentral, LLC. Use of this feed is limited to personal, non-commercial use and is governed by SDxCentral's Terms of Use (https://www.sdxcentral.com/legal/terms-of-service/). Publishing this feed for public or commercial use and/or misrepresentation by a third party is prohibited.

Socratic vs. Euclidean Forms of API Documentation

 

I was emailing a service about their documentation and while their doc was good, about one particularly tricky concept they told me that once you use it for a while, that’s when you’ll understand it.

In other words: you’ll only understand it after you understand it.

I didn’t like that response. I want documentation that takes me from an unproductive newbie to a somewhat functioning journeyperson. Not an expert, but I want to get stuff done as soon as possible. And for that you need to understand the mental model behind the API. Otherwise, how do you know how to make anything happen?

I realize it’s hard to make good documentation. I spent a lot of time writing Explain the Cloud Like I'm 10 just to communicate the mental model behind the cloud. It’s not easy.

Then I read that something that showed me there are two different styles of documentation: Euclidean and Socratic:

Euclidean - state your axioms and let users derive the rest. Easiest for the API provider, but hardest on the user. This is the most common form of documentation. You see it all the time. Each entry point in the API is sort of Continue reading

Cisco SecureX Unifies Network, Cloud, Endpoint Security

Cisco’s 2020 CISO Benchmark Study found that 28% of security professionals say that managing a...

Read More »

© SDxCentral, LLC. Use of this feed is limited to personal, non-commercial use and is governed by SDxCentral's Terms of Use (https://www.sdxcentral.com/legal/terms-of-service/). Publishing this feed for public or commercial use and/or misrepresentation by a third party is prohibited.

Network Break 272: Dell Technologies Sells RSA; Nubeva Cracks TLS 1.3 With Out-Of-Band Decryption

The latest Network Break podcast analyzes Dell Technologies' sale of its RSA business unit; what sponsor cancellations at the RSA Conference might mean for large tech events going forward; Arista Networks' financial results; new capabilities in products from ExtraHop, Nubeva, and Spirent; and more tech news.

The post Network Break 272: Dell Technologies Sells RSA; Nubeva Cracks TLS 1.3 With Out-Of-Band Decryption appeared first on Packet Pushers.

Leading Japan to a Better Future with KCME’s Hyungbae Kim

We hear from KCME's Hyungbae Kim on his work on mobile development to create a more sustainable and...

Read More »

© SDxCentral, LLC. Use of this feed is limited to personal, non-commercial use and is governed by SDxCentral's Terms of Use (https://www.sdxcentral.com/legal/terms-of-service/). Publishing this feed for public or commercial use and/or misrepresentation by a third party is prohibited.

The Week in Internet News: ISPs Sue Maine Over New Privacy Law

Protesting privacy: Four ISP trade groups are suing the state of Maine for a privacy law that goes into effect this year, Ars Technica reports. Among other things, the law supposedly violates ISP free speech rights because it limits their ability to advertise to their customers and to offer discounts in exchange for customers’ personal information. The Maine law requires ISPs to get customers’ opt-in consent before using or sharing sensitive data.

DSL over fiber: The California Advanced Services Fund, a program launched in 2008 to connect all Californians to broadband, was an early success, but recent actions in the state legislature have encouraged slow speeds of 6 Mbps and eliminated the fund’s ability to serve public housing already served by slow DSL service, the EFF says in a blog post. “By establishing an abysmally low standard based on DSL technology that made its debut more than a decade ago, the state’s regulator is forced to conclude that basically everyone has useful broadband access today,” the EFF says. “This has kept the state from closing the digital divide.”

It’s getting better: Nigeria is making great strides in getting residents connected to the Internet, the BBC reports. More than Continue reading