Introducing Calico Runtime Threat Defense—The most extensive security coverage for containers and Kubernetes

Containerized applications are complex, which is why an effective container security strategy is difficult to design and execute. As digitalization continues to push applications and services to the cloud, bad actors’ attack techniques have also become more sophisticated, which further challenges container security solutions available on the market.

Despite the discussion around agent vs agentless in the cloud security landscape and which type of solution is better, the most valuable solution is one that provides a wide breadth of coverage. Calico is unique as it is already installed as part of the underlying platform and provides the dataplane for a Kubernetes cluster. When Calico Cloud or Calico Enterprise is deployed, security and observability capabilities can be enabled on top of these core components. We provide a simple plug-and-play active security solution that focuses on securing workloads and the Kubernetes platform with the least amount of complexity and configuration.

Runtime attack vectors

Cloud-native applications are susceptible to many attack vectors. We have broken them down to eight, as seen in the following illustration:

Fig 1: Cloud-native attack vectors

In previous blogs, we have explained how the use of vulnerability management, zero-trust workload security, and microsegmentation can help reduce the Continue reading

Cloudflare’s view of the Virgin Media outage in the UK

Cloudflare’s view of the Virgin Media outage in the UK

Just after midnight (UTC) on April 4, subscribers to UK ISP Virgin Media (AS5089) began experiencing an Internet outage, with subscriber complaints multiplying rapidly on platforms including Twitter and Reddit.

Cloudflare Radar data shows Virgin Media traffic dropping to near-zero around 00:30 UTC, as seen in the figure below. Connectivity showed some signs of recovery around 02:30 UTC, but fell again an hour later. Further nominal recovery was seen around 04:45 UTC, before again experiencing another complete outage between around 05:45-06:45 UTC, after which traffic began to recover, reaching expected levels around 07:30 UTC.

After the initial set of early-morning disruptions, Virgin Media experienced another round of issues in the afternoon. Cloudflare observed instability in traffic from Virgin Media’s network (called an autonomous system in Internet jargon) AS5089 starting around 15:00 UTC, with a significant drop just before 16:00 UTC. However in this case, it did not appear to be a complete outage, with traffic recovering approximately a half hour later.

Cloudflare’s view of the Virgin Media outage in the UK

Virgin Media’s Twitter account acknowledged the early morning disruption several hours after it began, posting responses stating “We’re aware of an issue that is affecting broadband services for Virgin Media customers as well as our contact centres. Our teams Continue reading

Colocation vs. cloud: SEO firm finds cloud to be cost prohibitive for its high density computing

A software firm in Singapore claims it would cost more than $400 million over three years if it were to migrate from its existing colocation setup and move its workloads to the Amazon Web Services (AWS) cloud. Notably, the firm runs a very compute-intensive environment, and high density computing can be very expensive to duplicate in cloud environments.Ahrefs, which develops search engine optimization tools, made the $400 million claim in a March 9 blog post by one of the company’s data center operations executives, Efim Mirochnik. Mirochnik compared the cost of acquiring and running its 850 Dell servers in a colocation provider’s data center with the cost of running a similar configuration in AWS.To read this article in full, please click here

Colocation vs. cloud: SEO firm finds cloud to be cost prohibitive for its high density computing

A software firm in Singapore claims it would cost more than $400 million over three years if it were to migrate from its existing colocation setup and move its workloads to the Amazon Web Services (AWS) cloud. Notably, the firm runs a very compute-intensive environment, and high density computing can be very expensive to duplicate in cloud environments.Ahrefs, which develops search engine optimization tools, made the $400 million claim in a March 9 blog post by one of the company’s data center operations executives, Efim Mirochnik. Mirochnik compared the cost of acquiring and running its 850 Dell servers in a colocation provider’s data center with the cost of running a similar configuration in AWS.To read this article in full, please click here

Fortinet consolidates SD-WAN and SASE management

Tighter integration between Fortinet's SASE and SD-WAN offerings is among the new features enabled by the latest version of the company's core operating system.FortiOS version 7.4 also includes better automation across its Security Fabric environment, and improved management features.FortiOS is the operating system for the FortiGate family hardware and virtual components, and it implements Fortinet Security Fabric and includes firewalling, access control, Zero Trust, and authentication in addition to managing SD-WAN, switching, and wireless services. To read this article in full, please click here

Fortinet consolidates SD-WAN and SASE management

Tighter integration between Fortinet's SASE and SD-WAN offerings is among the new features enabled by the latest version of the company's core operating system.FortiOS version 7.4 also includes better automation across its Security Fabric environment, and improved management features.FortiOS is the operating system for the FortiGate family hardware and virtual components, and it implements Fortinet Security Fabric and includes firewalling, access control, Zero Trust, and authentication in addition to managing SD-WAN, switching, and wireless services. To read this article in full, please click here

BrandPost: Top 5 ways network switches help you do more with less

By: Sue Gillespie, Senior Product Marketing Manager, Aruba, a Hewlett Packard Enterprise company.Wondering how a network switch helps an enterprise network get ready for the latest technologies like Wi-Fi 6/6E and securely connects new endpoints and applications – all while keeping stretched IT teams sane?Network switches, often referred to as Ethernet switches, are certainly not the new kids on the block. Recent product and technology innovations have brought big operational efficiency gains, resiliency with always on performance, visibility with built-in analytics, and enhanced security capabilities. And when combined with unified cloud management, network switches create a unified infrastructure that’s simpler to manage and ready for challenges that lie ahead.To read this article in full, please click here

Real-time flow analytics on VyOS

VyOS with Host sFlow agent describes support for streaming sFlow telemetry added to the open source VyOS router operating system. This article describes how to install analytics software on a VyOS router by configuring a container. 
vyos@vyos:~$ add container image sflow/ddos-protect
First, download the sflow/ddos-protect image. 
vyos@vyos:~$ mkdir -m 777 /config/sflow-rt
Create a directory to store persistent container state. 
set container name sflow-rt image sflow/ddos-protect
set container name sflow-rt allow-host-networks
set container name sflow-rt arguments '-Dhttp.hostname=10.0.0.240'
set container name sflow-rt environment RTMEM value 200M
set container name sflow-rt memory 0
set container name sflow-rt volume store source /config/sflow-rt
set container name sflow-rt volume store destination /sflow-rt/store
Configure a container to run the image. The RMEM environment variable setting limits the amount of memory that the container will use to 200M bytes. The -Dhttp.hostname argument sets the internal web server to listen on management address, 10.0.0.240, assigned to eth0 on this router. The container has is no built-in authentication, so access needs to be limited using an ACL or through a reverse proxy - see Download and install.
set system sflow interface eth0
set system sflow interface eth1
set system sflow interface  Continue reading

What’s New: Cloud Automation with amazon.cloud 0.3.0

Blog Whats new with cloud control API collection

Last year, we made available an experimental alpha Ansible Content Collection of generated modules using the AWS Cloud Control API to interact with AWS services. Although the Collection is not intended for production, we are constantly trying to improve and extend its functionality and achieve its supportability in the future.

In this blog post, we will go over what else has changed and highlight what’s new in the 0.3.0 release of this Ansible Content Collection.

 

Forward-looking Changes

Much of our work in release 0.3.0 focused on releasing several new enhancements, clarifying supportability policies, and extending the automation umbrella by generating new modules. Let’s deep dive into it!

 

New boto3/botocore Versioning

The amazon.cloud Collection has dropped support for botocore<1.28.0 and boto3<1.25.0. Most modules will continue to work with older versions of the AWS Software Development Kit (SDK), however, compatibility with older versions of the AWS SDK is not guaranteed and will not be tested. 

 

New Ansible Support Policy

This Collection release drops support for  ansible-core<2.11. In particular, Ansible Core 2.10 and Ansible 2.9 are not supported. For more information, visit Ansible release documentation.

 

Continue reading

Oxy: the journey of graceful restarts

Oxy: the journey of graceful restarts
Oxy: the journey of graceful restarts

Any software under continuous development and improvement will eventually need a new version deployed to the systems running it. This can happen in several ways, depending on how much you care about things like reliability, availability, and correctness. When I started out in web development, I didn’t think about any of these qualities; I simply blasted my new code over FTP directly to my /cgi-bin/ directory, which was the style at the time. For those of us producing desktop software, often you sidestep this entirely by having the user save their work, close the program and install an update – but they usually get to decide when this happens.

At Cloudflare we have to take this seriously. Our software is in constant use and cannot simply be stopped abruptly. A dropped HTTP request can cause an entire webpage to load incorrectly, and a broken connection can kick you out of a video call. Taking away reliability creates a vacuum filled only by user frustration.

The limitations of the typical upgrade process

There is no one right way to upgrade software reliably. Some programming languages and environments make it easier than others, but in a Turing-complete language few things are impossible.

Continue reading

Oracle plans second cloud region in Singapore to meet growing demand

Oracle on Tuesday said it is planning to add a second cloud region in Singapore to meet the growing demand for cloud services across Southeast Asia.“Our upcoming second cloud region in Singapore will help meet the tremendous upsurge in demand for cloud services in South East Asia,” Garrett Ilg, president, Japan & Asia Pacific at Oracle, said in a statement.Public cloud services market across Asia Pacific, excluding Japan, is expected to reach $153.6 billion in 2026 from $53.4 billion in 2021, growing at a compound annual growth rate of 23.5%, according to a report from IDC.To read this article in full, please click here

Oracle plans second cloud region in Singapore to meet growing demand

Oracle on Tuesday said it is planning to add a second cloud region in Singapore to meet the growing demand for cloud services across Southeast Asia.“Our upcoming second cloud region in Singapore will help meet the tremendous upsurge in demand for cloud services in South East Asia,” Garrett Ilg, president, Japan & Asia Pacific at Oracle, said in a statement.Public cloud services market across Asia Pacific, excluding Japan, is expected to reach $153.6 billion in 2026 from $53.4 billion in 2021, growing at a compound annual growth rate of 23.5%, according to a report from IDC.To read this article in full, please click here

netlab Release 1.5.1: VLAN and VRF Links

netlab release 1.5.1 makes it easier to create topologies with lots of VRF- or VLAN access links, or topologies with numerous similar links. It also includes support for D2 diagram scripting language in case you prefer its diagrams over those generated by Graphviz.

Even if you don’t find those features interesting (more about them later), you might want to upgrade to fix a nasty container-related behavior I discovered in recently-upgraded Ubuntu servers.

Read more …
1 310 311 312 313 314 3,832