Heavy Networking 693: Securing Workforce Transformation With Cloud SWG (Sponsored)

On today's sponsored Heavy Networking we dig into cloud-delivered Secure Web Gateways (SWGs), which help guard end users against Web-based threats and enforce corporate Web access policies. As employees split time between home, office, and who knows where else, and as more applications move online, cloud-based SWGs help connect and protect workers. Our sponsor is Palo Alto Networks.

The post Heavy Networking 693: Securing Workforce Transformation With Cloud SWG (Sponsored) appeared first on Packet Pushers.

DNSOP at IETF117

After the flurry of work in various aspects of DNS privacy, the IETF’s agenda for DNS has shifted towards more maintenance and update. This does not mean that the volume of work has abated in any way, but it has dropped the more focussed stance of previous meetings to a broader diversity of topics in operating DNS infrastructure.

IEPG at IETF117

The IEPG meets for a couple of hours before each IETF meeting. It's a somewhat eclectic collection of presentations, with some vague common thread of relevance to Internet operations. Here's a summary of my impression from these IEPG session presentations for IETF 117.

Gen-AI HPC infrastructure provider CoreWeave scores $2.3 billion financing deal

CoreWeave, a specialist cloud provider offering high performance computing services to meet growing corporate demand for generative AI workloads, announced Thursday that it has received a $2.3 billion debt financing package from several asset management firms.The key to CoreWeave’s focus on the AI market is in its hardware. The company sells primarily GPU-based virtual machines, which are particularly well-suited for AI workloads. According to Gartner vice president and analyst Arun Chandrasekaran, CoreWeave’s advertised low cost is a function of its ties to Nvidia, with which, CoreWeave has said, it has a preferred supplier arrangement, enabling it to pass on savings.To read this article in full, please click here

Gen-AI HPC infrastructure provider CoreWeave scores $2.3 billion financing deal

CoreWeave, a specialist cloud provider offering high performance computing services to meet growing corporate demand for generative AI workloads, announced Thursday that it has received a $2.3 billion debt financing package from several asset management firms.The key to CoreWeave’s focus on the AI market is in its hardware. The company sells primarily GPU-based virtual machines, which are particularly well-suited for AI workloads. According to Gartner vice president and analyst Arun Chandrasekaran, CoreWeave’s advertised low cost is a function of its ties to Nvidia, with which, CoreWeave has said, it has a preferred supplier arrangement, enabling it to pass on savings.To read this article in full, please click here

Fortinet bolsters SD-WAN services, security with new software, next-generation firewalls

Fortinet has added new features to its SD-WAN software and a next-generation firewall series that promise to help customers better monitor and protect distributed enterprise resources.On the SD-WAN front, Fortinet is introducing two services – a network underlay and overlay option to let customers better manage WAN traffic to remote sites. The Underlay Performance Monitoring Service for SD-WAN utilizes the vendor’s core central management system FortiManager and FortiGuard’s database of hundreds of popular SaaS and cloud implementations, to offer visibility into the performance of the underlay network.  The underlay network is typically made up if the physical network infrastructure supporting traffic between distributed cloud or remote office resources.To read this article in full, please click here

Fortinet bolsters SD-WAN services, security with new software, next-generation firewalls

Fortinet has added new features to its SD-WAN software and a next-generation firewall series that promise to help customers better monitor and protect distributed enterprise resources.On the SD-WAN front, Fortinet is introducing two services – a network underlay and overlay option to let customers better manage WAN traffic to remote sites. The Underlay Performance Monitoring Service for SD-WAN utilizes the vendor’s core central management system FortiManager and FortiGuard’s database of hundreds of popular SaaS and cloud implementations, to offer visibility into the performance of the underlay network.  The underlay network is typically made up if the physical network infrastructure supporting traffic between distributed cloud or remote office resources.To read this article in full, please click here

Using Web Application Firewall at container-level for network-based threats

The microservices architecture provides developers and DevOps engineers significant agility that helps them move at the pace of the business. Breaking monolithic applications into smaller components accelerates development, streamlines scaling, and improves fault isolation. However, it also introduces certain security complexities since microservices frequently engage in inter-service communications, primarily through HTTP-based APIs, thus broadening the application’s attack surface. This scenario is similar to breaking a chunk of ice into smaller pieces, increasing its surface area. It is crucial that enterprises address these security challenges before benefiting from adopting a microservice architecture.

Challenges implementing defense-in-depth for containers with perimeter-based Web Application Firewall

Kubernetes is the de-facto standard for microservices orchestration. However, as organizations increasingly adopt Kubernetes, they run the risk of inadvertently introducing security gaps. This is often the result of attempts to integrate traditional security tooling into a cloud-native ecosystem that is highly dynamic, ephemeral, and non-deterministic. Instead of implementing security around the platform, DevOps, security, and platform teams must look at enforcing defenses through the platform.

Let’s look at an example of a web application firewall (WAF) which is typically deployed at the ingress of a network or application. As shown in the diagram below, HTTP traffic is Continue reading

Integrate Cloudflare Zero Trust with Datadog Cloud SIEM

Integrate Cloudflare Zero Trust with Datadog Cloud SIEM
Integrate Cloudflare Zero Trust with Datadog Cloud SIEM

Cloudflare's Zero Trust platform helps organizations map and adopt a strong security posture. This ranges from Zero Trust Network Access, a Secure Web Gateway to help filter traffic, to Cloud Access Security Broker and Data Loss Prevention to protect data in transit and in the cloud. Customers use Cloudflare to verify, isolate, and inspect all devices managed by IT. Our composable, in-line solutions offer a simplified approach to security and a comprehensive set of logs.

We’ve heard from many of our customers that they aggregate these logs into Datadog’s Cloud SIEM product. Datadog Cloud SIEM provides threat detection, investigation, and automated response for dynamic, cloud-scale environments. Cloud SIEM analyzes operational and security logs in real time – regardless of volume – while utilizing out-of-the-box integrations and rules to detect threats and investigate them. It also automates response and remediation through out-of-the-box workflow blueprints. Developers, security, and operations teams can also leverage detailed observability data and efficiently collaborate to accelerate security investigations in a single, unified platform. We previously had an out-of-the-box dashboard for Cloudflare CDN available on Datadog. These help our customers gain valuable insights into product usage and performance metrics for response times, HTTP status codes, cache hit rate. Continue reading

Ansible data manipulation with a Filter

This year at Summit, an attendee posed a question about how to work with setting facts and changing data in Ansible. Many times we’ve come across people using task after task to manipulate data, to turn items into lists, filter our options, trying to do heavy data manipulation and to turn data from one source into another. Trying to make these programmatic changes using a mixture of YAML and Jinja inside of roles and playbooks is a headache of its own. While many of these options will work, they aren’t very efficient or easy to implement. Ansible Playbooks were never meant for programming.

One solution that is usually overlooked is to do the manipulation in Python inside of a module or a filter. This article will detail how to create a filter to manipulate data. In addition, a repository for all code referenced in this article has been created.

This example was first developed as a module. However after review, it was determined that these data transformations are best done as filters. Filters can take multiple data inputs, do the programmatic operations, and then can be used in line where they are used as input or set as a fact. Continue reading

Ansible data manipulation with a Filter

Background:

This year at Summit, an attendee posed a question about how to work with setting facts and changing data in Ansible. Many times we’ve come across people using task after task to manipulate data, to turn items into lists, filter our options, trying to do heavy data manipulation and to turn data from one source into another. Trying to make these programmatic changes using a mixture of YAML and Jinja inside of roles and playbooks is a headache of its own. While many of these options will work, they aren’t very efficient or easy to implement. Ansible Playbooks were never meant for programming.

One solution that is usually overlooked is to do the manipulation in Python inside of a module or a filter. This article will detail how to create a filter to manipulate data. In addition, a repository for all code referenced in this article has been created. 

This example was first developed as a module. However after review, it was determined that these data transformations are best done as filters. Filters can take multiple data inputs, do the programmatic operations, and then can be used in line where they are used as input or set as Continue reading

New Project: BGP Hands-On Labs

Approximately 30 years ago I managed to persuade the powers-that-be within Cisco’s European training organization that they needed a deep-dive BGP course, resulting in a 3 (later 5) day Advanced BGP Configuration and Troubleshooting (ABCT) course1. I was delivering that course for close to a decade, and gradually built a decent story explaining the reasoning and use cases behind most of (then available) BGP features, from simple EBGP sessions to BGP route reflectors and communities2.

Now imagine having more than a dozen hands-on labs that go with the “BGP from rookie to hero” story available for any platform of your choice3. I plan to make that work (eventually) as an open-source project that you’ll be able to download and run free-of-charge.

Read more …

Unleashing An Open Source Torrent On CPUs And AI Engines

When you combine the forces of open source and the wide and deep semiconductor experience of legendary chip architect Jim Keller, something interesting is bound to happen.

The post Unleashing An Open Source Torrent On CPUs And AI Engines first appeared on The Next Platform.

Unleashing An Open Source Torrent On CPUs And AI Engines was written by Timothy Prickett Morgan at The Next Platform.

1 230 231 232 233 234 3,818