NetworkingNexus.net

Using the power of Cloudflare’s global network to detect malicious domains using machine learning

Cloudflare secures outbound Internet traffic for thousands of organizations every day, protecting users, devices, and data from threats like ransomware and phishing. One way we do this is by intelligently classifying what Internet destinations are risky using the domain name system (DNS). DNS is essential to Internet navigation because it enables users to look up addresses using human-friendly names, like cloudflare.com. For websites, this means translating a domain name into the IP address of the server that can deliver the content for that site.

However, attackers can exploit the DNS system itself, and often use techniques to evade detection and control using domain names that look like random strings. In this blog, we will discuss two techniques threat actors use – DNS tunneling and domain generation algorithms – and explain how Cloudflare uses machine learning to detect them.

Domain Generation Algorithm (DGA)

Most websites don’t change their domain name very often. This is the point after all, having a stable human-friendly name to be able to connect to a resource on the Internet. However, as a side-effect stable domain names become a point of control, allowing network administrators to use restrictions on domain names to enforce policies, for example Continue reading

Detecting API abuse automatically using sequence analysis

Today, we're announcing Cloudflare Sequence Analytics for APIs. Using Sequence Analytics, Customers subscribed to API Gateway can view the most important sequences of API requests to their endpoints. This new feature helps customers to apply protection to the most important endpoints first.

What is a sequence? It is simply a time-ordered list of HTTP API requests made by a specific visitor as they browse a website, use a mobile app, or interact with a B2B partner via API. For example, a portion of a sequence made during a bank funds transfer could look like:

Order	Method	Path	Description
1	GET	/api/v1/users/{user_id}/accounts	user_id is the active user
2	GET	/api/v1/accounts/{account_id}/balance	account_id is one of the user’s accounts
3	GET	/api/v1/accounts/{account_id}/balance	account_id is a different account belonging to the user
4	POST	/api/v1/transferFunds	Containing a request body detailing an account to transfer funds from, an account to transfer funds to, and an amount of money to transfer

Why is it important to pay attention to sequences for API security? If the above API received requests for POST /api/v1/transferFunds without any of the prior requests, it would Continue reading

Automatically discovering API endpoints and generating schemas using machine learning

Cloudflare now automatically discovers all API endpoints and learns API schemas for all of our API Gateway customers. Customers can use these new features to enforce a positive security model on their API endpoints even if they have little-to-no information about their existing APIs today.

The first step in securing your APIs is knowing your API hostnames and endpoints. We often hear that customers are forced to start their API cataloging and management efforts with something along the lines of “we email around a spreadsheet and ask developers to list all their endpoints”.

Can you imagine the problems with this approach? Maybe you have seen them first hand. The “email and ask” approach creates a point-in-time inventory that is likely to change with the next code release. It relies on tribal knowledge that may disappear with people leaving the organization. Last but not least, it is susceptible to human error.

Even if you had an accurate API inventory collected by group effort, validating that API was being used as intended by enforcing an API schema would require even more collective knowledge to build that schema. Now, API Gateway’s new API Discovery and Schema Learning features combine to automatically Continue reading

Announcing Cloudflare Fraud Detection

The world changed when the COVID-19 pandemic began. Everything moved online to a much greater degree: school, work, and, surprisingly, fraud. Although some degree of online fraud has existed for decades, the Federal Trade Commission reported consumers lost almost $8.8 billion in fraud in 2022 (an over 400% increase since 2019) and the continuation of a disturbing trend. People continue to spend more time alone than ever before, and that time alone makes them not just more targeted, but also more vulnerable to fraud. Companies are falling victim to these trends just as much as individuals: according to PWC’s Global Economic Crime and Fraud Survey, more than half of companies with at least $10 billion in revenue experienced some sort of digital fraud.

This is a familiar story in the world of bot attacks. Cloudflare Bot Management helps customers identify the automated tools behind online fraud, but it’s important to note that not all fraud is committed by bots. If the target is valuable enough, bad actors will contract out the exploitation of online applications to real people. Security teams need to look at more than just bots to better secure online applications and tackle modern, online fraud.

First Steps in IPv6 Deployments

Even though IPv6 could buy its own beer (in US, let alone rest of the world), networking engineers still struggle with its deployment – one of the first questions I got in the ipSpace.net Design Clinic was:

We have been tasked to start IPv6 planning. Can we discuss (for enterprises like us who all of the sudden want IPv6) which design paths to take?

I did my best to answer this question and describe the basics of creating an IPv6 addressing plan. For even more details, watch the IPv6 webinars (most of them at least a few years old, but nothing changed in the IPv6 world in the meantime apart from the SRv6 madness).

First Steps in IPv6 Deployments

We have been tasked to start IPv6 planning. Can we discuss (for enterprises like us who all of the sudden want IPv6) which design paths to take?

How network pros can fight being squeezed out of cloud decisions

There's a rumbling in the cloud as network professionals increasingly seek to reclaim what they believe is their rightful place in the enterprise management hierarchy.Network knowledge is now widespread within many other IT disciplines. "This means it's now sometimes easy for other teams to assume that they know all they need to know about networking, so they don't need to bother the network team," observes Josh Stephens, CTO of multi-cloud network automation provider BackBox.Network pros have unique perspectives. When it comes to multicloud decision-making, IT, cloud, cybersecurity, and network professionals all bring different perspectives and talents to the table. "IT teams have a deep understanding of the organization's overall technology, while cloud teams have expertise in cloud-based technology solutions, and cybersecurity teams have a thorough understanding of [cloud] security risks," says Dan Dulac, vice president of solutions strategy at network infrastructure provider Extreme Networks. Combining the insights of these experts, along with network professionals, is the best way for organizations to make informed decisions about their multicloud strategy, he says.To read this article in full, please click here

How sophisticated scammers and phishers are preying on customers of Silicon Valley Bank

By now, the news about what happened at Silicon Valley Bank (SVB) leading up to its collapse and takeover by the US Federal Government is well known. The rapid speed with which the collapse took place was surprising to many and the impact on organizations, both large and small, is expected to last a while.

Unfortunately, where everyone sees a tragic situation, threat actors see opportunity. We have seen this time and again - in order to breach trust and trick unsuspecting victims, threat actors overwhelmingly use topical events as lures. These follow the news cycle or known high profile events (The Super Bowl, March Madness, Tax Day, Black Friday sales, COVID-19, and on and on), since there is a greater likelihood of users falling for messages referencing what’s top of mind at any given moment.

The SVB news cycle makes for a similarly compelling topical event that threat actors can take advantage of; and it's crucial that organizations bolster their awareness campaigns and technical controls to help counter the eventual use of these tactics in upcoming attacks. It’s tragic that even as the FDIC is guaranteeing that SVB customers’ money is safe, bad actors are attempting to steal that Continue reading

DNS data shows one in 10 organizations have malware traffic on their networks

Akamai report highlights how widespread malware threats remain, noting the dangers of threats specific to DNS infrastructure.

DNS data shows one in 10 organizations have malware traffic on their networks

Akamai report highlights how widespread malware threats remain, noting the dangers of threats specific to DNS infrastructure.

SmartNIC, DPU Revenue Forecast To Grow 30% In 2023

Data Processing Unit (DPU) and SmartNIC vendors such as NVIDIA, Intel, and AMD are making a lot of noise about the ability of their adapters to offload work from CPUs and to run networking, security, and storage applications directly on a NIC inside a server. But that noise hasn’t necessarily turned into sales—at least not […]

The post SmartNIC, DPU Revenue Forecast To Grow 30% In 2023 appeared first on Packet Pushers.

HPE Aruba, Microsoft Azure, and reelyActive speed streaming of IoT data to the cloud

Aruba Networks, Microsoft Azure and open-source vendor reelyActive have teamed-up to make it easier to bring IoT device data to cloud applications.The package, Aruba IoT Transport for Azure, brings together three separate components to make it work: Aruba Access points that incorporate both Wi-Fi and IoT radios to serve mobile connectivity, connect to IoT devices, and function as embedded IT-to-IoT gateways simultaneously and securely. HPE Aruba Networking IoT Transport for Azure service that encodes IoT-device data streamed through the access points into a format compatible with Microsoft Azure IoT Hub, which centrally ingests, provisions, and manages device data. reelyActive Pareto Anywhere for Microsoft Azure a new free open-source converter that reformats IoT data and units of measurement such as temperature and power into a universal format compatible with Microsoft analytics, Power BI and other Azure applications. The tool abstracts the original data format so that the data seen by applications are intelligible, consistent streams of immediately consumable data in recognizable units of measurement. Azure applications can directly consume data from a heterogeneous mix of BLE, 800MHz and 900MHz EnOcean specialized IoT devices that plug into the USB port on HPE Aruba Networking access points without a dedicated on-premises gateway. Continue reading

DOE Wants A Hub And Spoke System Of HPC Systems

We talk about scale a lot here at The Next Platform, but there are many different aspects to this beyond lashing a bunch of nodes together and counting aggregate peak flops. …

DOE Wants A Hub And Spoke System Of HPC Systems was written by Timothy Prickett Morgan at The Next Platform.

Who’s Going To Build The UK’s Homegrown Exascale Supercomputer?

The years-long run-up to the first exascale supercomputers was really a story about the ongoing competition between the United States and China. …

Who’s Going To Build The UK’s Homegrown Exascale Supercomputer? was written by Jeffrey Burt at The Next Platform.

Roundup of high-speed networking updates from Intel, Marvell, Ranovus

The need for speed in the data center has never been greater, as data sets for AI and machine learning grow exponentially. Enterprises also need bandwidth to move increasingly large data sets, and security to protect data in transit. To that end, three vendors have announced new capabilities in the high-speed networking game. So, let’s run them down.Intel launches Agilex 7 FPGAs with F-Tile Intel has introduced its latest FPGA-based networking processor, the Agilex 7 with F-Tile. This PAM4 and NRZ dual-mode serial interface tile can deliver up to 116 Gbps and hardened 400 GbE intellectual property. This is double the bandwidth per channel of the previous generation of Intel FPGAs with reduced power consumption.To read this article in full, please click here

BrandPost: 4 Compelling Reasons SD-WAN Adoption is Growing

By Gabriel Gomane, Senior Product Marketing Manager, Aruba, a Hewlett Packard Enterprise company.Recently, organizations have increasingly adopted SD-WAN to modernize their network and streamline network connections between branch offices and headquarters. The key driver has been the acceleration of digital transformation and the move of applications to the cloud. To enable this transformation, a modernized network is critical to support multi-cloud architectures, improve security and agility. A poor network infrastructure could limit digitization efforts and prevent IT departments from aligning to strategic goals.To read this article in full, please click here

Vast Data focuses on metadata cataloging, encryption support and snapshots

Flash storage vendor Vast Data has released what it claims is its biggest software release, updating and adding new features around data catalogs that will allow enterprises to tag data with user-defined information and to query datasets that meld structured, unstructured and semi-structured data.Vast has actually announced two revisions to its software, 4.6 and 4.7. The software itself has no formal name, just a version number. Version 4.6, available now, is a major release, and 4.7, available this spring, will be a minor release, according to Steve Pruchniewski, director of product marketing at VAST. “Major feature releases are core to the product's evolution, where minor feature releases typically contain bug fixes and holdovers from previous feature releases,” Pruchniewski said.To read this article in full, please click here

Vast Data focuses on metadata cataloging, encryption support and snapshots

Is This the Age of the Network Para-Professional?

With more networks being distributed to the edge and installed remotely to support IoT, there is an emerging need for non-IT workers to locally maintain and supervise these networks.

No hassle migration from Zscaler to Cloudflare One with The Descaler Program

This post is also available in 简体中文, 日本語, Deutsch Français and Español.

Today, Cloudflare is excited to launch the Descaler Program, a frictionless path to migrate existing Zscaler customers to Cloudflare One. With this announcement, Cloudflare is making it even easier for enterprise customers to make the switch to a faster, simpler, and more agile foundation for security and network transformation.

Zscaler customers are increasingly telling us that they’re unhappy with the way in which they have to manage multiple solutions to achieve their goals and with the commercial terms they are being offered. Cloudflare One offers a larger network, a ‘single stack’ solution with no service chaining that enables innovation at an incredible rate, meaning lots of new product and feature releases.

At its core, the Descaler Program helps derisk change. It’s designed to be simple and straightforward, with technical resources to ensure a smooth transition and strategic consultation to ensure the migration achieves your organization's goals. Customers can expect to be up and running on Cloudflare One in a matter of weeks without disruption to their business operations.

What makes up the Descaler Program?

Knowledgeable people. Clear process. Like-magic technology. Getting the people, process, and Continue reading

« Previous 1 … 323 324 325 326 327 … 3,832 Next »