Michael Brenner Brings Big Picture Clarity to Cloudify
He has perspective on TOSCA & YANG, too.
Context, Visibility and Containment – NSX Securing “Anywhere” Part V
Welcome to part 5 of the Micro-Segmentation Defined– NSX Securing “Anywhere” blog series. Previous topics covered in this series includes
- Part I – Micro-segmentation Defined
- Part II – Securing Physical Environments
- Part III – Operationalizing Micro-segmentation
- Part IV – Service Insertion
In this post we describe how NSX micro-segmentation enables fundamental changes to security architectures which in turn facilitate the identification of breaches:
- By increasing visibility throughout the SDDC, eliminating all blind spots
- By making it feasible and simple to migrate to a whitelisting / least privileges / zero-trust security model
- By providing rich contextual events and eliminating false positives to SIEMs
- By providing inherent containment even for Zero Day attacks
Threat analysis is the new trend of the security landscape and established vendors as well as startups are proposing many tools to complement the current perimeter logging approach. The attraction for these tools is based on the assumption that by correlating flows from different sources within a perimeter, threat contexts will emerge and compromised systems will be uncovered. Currently, these systems go unnoticed for long periods of times because the suspicious traffic moves laterally inside the perimeter and does not traverse a security device: you can’t Continue reading
Serverless Architecture Pros And Cons
Learn about the benefits and drawbacks of one of the hottest trends in IT today.
Evenly Distributed Future
Traveling back and forth between the UK and US I often find myself answering the question “What does CloudFlare do?”. That question gets posed by USCIS on arrival and I’ve honed a short and accurate answer: “CloudFlare protects web sites from hackers, makes web sites faster and ensures they work on your computer, phone or tablet.”
If anyone, border agents or others, wants more detail I usually say: “If you run a web site or API for an app and you are Amazon.com, Google, Yahoo or one of a handful of major Internet sites you have the expertise to stay on top of the latest technologies and attacks; you have the staff to accelerate your web site and keep it fully patched. Anyone else, and that’s almost every web site on the Internet, simply will not have the money, people, or knowledge to ‘be a Google’. That’s where CloudFlare comes in: we make sure to stay on top of the latest trends in the Internet so that every web site can ‘be Google’."
The author William Gibson has said many times: “The future is already here Continue reading
Growing Hyperconverged Platforms Takes Patience, Time, And Money
In this day and age when the X86 server has pretty much taken over compute in the datacenter, enterprise customers still have their preferences and prejudices when it comes to the make and model of X86 machine that they deploy to run their applications. So a company that is trying to get its software into the datacenter, as server-storage hybrid Nutanix is, needs to befriend the big incumbent server makers and get its software onto their boxes.
This is not always an easy task, given that some of these companies have their own hyperconverged storage products or they have a …
Growing Hyperconverged Platforms Takes Patience, Time, And Money was written by Timothy Prickett Morgan at The Next Platform.
Proof Of Concept: Tips For Successful Testing
A POC can help avoid costly mistakes when buying software. Here are some tips to ensure a smooth process.
Networking Is Infrastructure – Get Used to It
Jeff Sicuranza left a great comment to one of my blog posts:
Still basically the same old debate from 25 years ago that experienced Network Architects and Engineers understood during technology changes; "Do you architect your network around an application(s) or do you architect your application(s) around your network"
I would change that to “the same meaningless debate”. Networking is infrastructure; it’s time we grow up and get used to it.
Read more ...A lesson in social engineering: president debates
In theory, we hackers are supposed to be experts in social engineering. In practice, we get suckered into it like everyone else. I point this out because of the upcoming presidential debates between Hillary and Trump (and hopefully Johnson). There is no debate, there is only social engineering.Some think Trump will pull out of the debates, because he's been complaining a lot lately that they are rigged. No. That's just because Trump is a populist demagogue. A politician can only champion the cause of the "people" if there is something "powerful" to fight against. He has to set things up ahead of time (debates, elections, etc.) so that any failure on his part can be attributed to the powerful corrupting the system. His constant whining about the debates doesn't mean he'll pull out any more than whining about the election means he'll pull out of that.
Moreover, he's down in the polls (What polls? What's the question??). He therefore needs the debates to pull himself back up. And it'll likely work -- because social-engineering.
Here's how the social engineering works, and how Trump will win the debates.
The moderators, the ones running the debate, will do their best Continue reading
Bugs don’t come from the Zero-Day Faerie
This WIRED "article" (aka. thinly veiled yellow journalism) demonstrates the essential thing wrong with the 0day debate. Those arguing for NSA disclosure of 0days believe the Zero-Day Faerie brings them, that sometimes when the NSA wakes up in the morning, it finds a new 0day under its pillow.The article starts with the sentences:
WHEN THE NSA discovers a new method of hacking into a piece of software or hardware, it faces a dilemma. Report the security flaw it exploits to the product’s manufacturer so it gets fixed, or keep that vulnerability secret—what’s known in the security industry as a “zero day”—and use it to hack its targets, gathering valuable intelligence.But the NSA doesn't accidentally "discover" 0days -- it hunts for them, for the purpose of hacking. The NSA first decides it needs a Cisco 0day to hack terrorists, then spends hundreds of thousands of dollars either researching or buying the 0day. The WIRED article imagines that at this point, late in the decision cycle, that suddenly this dilemma emerges. It doesn't.
The "dilemma" starts earlier in the decision chain. Is it worth it for the government to spend $100,000 to find and disclose a Cisco 0day? Continue reading
mVPN Fun in the Lab: Connect a Customer – Part 2 of 6
In our last blog (MPLS Fun in the Lab: Building the MPLS Cloud – Part 1) we built our MPLS cloud. Now… we are ready to connect a customer! Connect the Customer We will connect the customer in 5 steps... Read More ›
The post mVPN Fun in the Lab: Connect a Customer – Part 2 of 6 appeared first on Networking with FISH.
QoS? Really?
I wrote this post during Cisco Live and said “I’ll just give it a once-over tonight and publish it.” That was something like 6 weeks ago now. What a loser I am.
Yes, really. QoS has actually gotten some attention this year. After how many years of living in the dark and being feared by junior and senior engineers alike, we’re seeing some really cool technologies coming out for it.
I was honored to be invited to Tech Field Day Extra this morning while I’m at Cisco Live. If you don’t know about TFD, you’re missing out. A group of influencers gather in a room and get very deep and very technical presentations from vendors. Today, Cisco came and talked about a couple of topics including branch security and QoS. Obviously, the QoS was the big hitter for me.
Tim Szigeti (@tim_szigeti) kicked off the QoS conversation by talking about some of the recent advancements in QoS in both hardware and software. In hardware, he discussed the programmability of the new ASICs that Cisco is using in their switches and routers. These ASICs are dumb out of the box, but they are very willing to learn. Want it Continue reading