0

The state of application security in 2023

One year ago we published our first Application Security Report. For Security Week 2023, we are providing updated insights and trends around mitigated traffic, bot and API traffic, and account takeover attacks.

Cloudflare has grown significantly over the last year. In February 2023, Netcraft noted that Cloudflare had become the most commonly used web server vendor within the top million sites at the start of 2023, and continues to grow, reaching a 21.71% market share, up from 19.4% in February 2022.

This continued growth now equates to Cloudflare handling over 45 million HTTP requests/second on average (up from 32 million last year), with more than 61 million HTTP requests/second at peak. DNS queries handled by the network are also growing and stand at approximately 24.6 million queries/second. All of this traffic flow gives us an unprecedented view into Internet trends.

Before we dive in, we need to define our terms.

Definitions

Throughout this report, we will refer to the following terms:

• Mitigated traffic: any eyeball HTTP* request that had a “terminating” action applied to it by the Cloudflare platform. These include the following actions: BLOCK, CHALLENGE, JS_CHALLENGE and MANAGED_CHALLENGE. This does not include Continue reading

0

Adding Zero Trust signals to Sumo Logic for better security insights

A picture is worth a thousand words and the same is true when it comes to getting visualizations, trends, and data in the form of a ready-made security dashboard.

Today we’re excited to announce the expansion of support for automated normalization and correlation of Zero Trust logs for Logpush in Sumo Logic’s Cloud SIEM. As a Cloudflare technology partner, Sumo Logic is the pioneer in continuous intelligence, a new category of software which enables organizations of all sizes to address the data challenges and opportunities presented by digital transformation, modern applications, and cloud computing.

The updated content in Sumo Logic Cloud SIEM helps joint Cloudflare customers reduce alert fatigue tied to Zero Trust logs and accelerates the triage process for security analysts by converging security and network data into high-fidelity insights. This new functionality complements the existing Cloudflare App for Sumo Logic designed to help IT and security teams gain insights, understand anomalous activity, and better trend security and network performance data over time.

Deeper integration to deliver Zero Trust insights

Using Cloudflare Zero Trust helps protect users, devices, and data, and in the process can create a large volume of logs. These logs are helpful and important because Continue reading

0

Cloudflare One DLP integrates with Microsoft Information Protection labels

The crown jewels for an organization are often data, and the first step in protection should be locating where the most critical information lives. Yet, maintaining a thorough inventory of sensitive data is harder than it seems and generally a massive lift for security teams. To help overcome data security troubles, Microsoft offers their customers data classification and protection tools. One popular option are the sensitivity labels available with Microsoft Purview Information Protection. However, customers need the ability to track sensitive data movement even as it migrates beyond the visibility of Microsoft.

Today, we are excited to announce that Cloudflare One now offers Data Loss Prevention (DLP) detections for Microsoft Purview Information Protection labels. Simply integrate with your Microsoft account, retrieve your labels, and build rules to guide the movement of your labeled data. This extends the power of Microsoft’s labels to any of your corporate traffic in just a few clicks.

Data Classification with Microsoft Labels

Every organization has a wealth of data to manage, from publicly accessible data, like documentation, to internal data, like the launch date of a new product. Then, of course, there is the data requiring the highest levels of protection, such as customer PII. Continue reading

0

Queuing For Time On A Supercomputer Shouldn’t Be An Engineering Problem

Sponsored Feature: High performance computing continually sharpens the cutting edge of technology. …

Queuing For Time On A Supercomputer Shouldn’t Be An Engineering Problem was written by Martin Courtney at The Next Platform.

0

Diverting DDoS traffic using the FlowSpec redirect-to-IP next-hop capability (configuration example)

The post Diverting DDoS traffic using the FlowSpec redirect-to-IP next-hop capability (configuration example) appeared first on Noction.

0

Leaf-and-Spine Fabrics Between Theory and Reality

I’m always envious of how easy networking challenges seem when you’re solving them in PowerPoint, for example, when an innovation specialist explains how scalability works in leaf-and-spine fabrics in a LinkedIn comment:

One of the main benefits of a CLOS folded spine topology is the scale out spine where you can scale out the number of spine nodes increasing your leaf-spine n-way ECMP as well as minimizing the blast radius with the more spine nodes the more redundancy and resiliency.

Isn’t that wonderful? If you need more bandwidth, sprinkle the magic spine powder on your fabric, add water, and voila! Problem solved. Also, it looks like adding spine switches reduces the blast radius. Who would have known?

0

Leaf-and-Spine Fabrics Between Theory and Reality

I’m always envious of how easy networking challenges seem when you’re solving them in PowerPoint, for example, when an innovation specialist explains how scalability works in leaf-and-spine fabrics in a LinkedIn comment:

One of the main benefits of a CLOS folded spine topology is the scale out spine where you can scale out the number of spine nodes increasing your leaf-spine n-way ECMP as well as minimizing the blast radius with the more spine nodes the more redundancy and resiliency.

Isn’t that wonderful? If you need more bandwidth, sprinkle the magic spine powder on your fabric, add water, and voila! Problem solved. Also, it looks like adding spine switches reduces the blast radius. Who would have known?

0

Securing the NSX management plane against exploits

Helping organizations protect their assets and infrastructure from evolving attack tactics and techniques is a priority at VMware. API-focused ransomware attacks have become an all-too-common trend, and we recommend that customers take extra care to reduce their attack surface by deploying NSX Manager — and any other manager console — in a hardened manner.  

Management infrastructure and common services typically allow broad access to other potentially more valuable resources within an organization, which in turn provides malicious actors with convenient platforms from which they can launch more damaging attacks. To manage that risk, VMware recommends the following steps to protect your management networks and services deployed within those networks:  

• Do not expose NSX Manager to the internet: Like any other management console, NSX Manager should be installed within your internal network and accessed remotely only through a secure VPN connection. 
• Use strong authentication methods: Ensure that strong authentication methods, such as multi-factor authentication, are used for all NSX Manager logins. 
• Use secure communication protocols: Use secure communication protocols, such as SSL/TLS, to protect the communication between NSX Manager and other components in the environment. 
• Implement network segmentation: Segment the network to limit the Continue reading

0

Submarine Cable Resilience

How do you protect a submarine cable from interference? Do you use more amour plating? Or laying the cable in a sea floor trench? Or simply lay more cables? Or do you head off into radio-based systems?

0

You’re Responsible for the User Experience—No Matter Which Networks It’s Delivered Over

The following post is by Jeremy Rossbach, Chief Technical Evangelist at Broadcom. We thank Broadcom for being a sponsor. Hybrid work and the ongoing transformations ushered in by SD-WAN, cloud, SaaS, and SASE have created an entirely new network landscape for today’s network operations (NetOps) teams to manage and monitor. Now, the user experience is […]

The post You’re Responsible for the User Experience—No Matter Which Networks It’s Delivered Over appeared first on Packet Pushers.

0

A Bumper Crop Of Ethernet Switches Harvested In Q4

With each passing year, the phrase “The network is the computer,” coined in 1984 by John Gage, director of research and co-founder of Sun Microsystems, becomes more and more true. …

A Bumper Crop Of Ethernet Switches Harvested In Q4 was written by Timothy Prickett Morgan at The Next Platform.

0

Best-of-breed networking: There’s an opportunity for white boxes in the WAN

Everyone wants the best network, so they say, but as usual with “bestness” goals, there’s not much agreement on how to achieve it. Do you go for best-of-breed in your equipment, or maybe for three vendors per product area, or maybe open white-box networks? A bit over three-quarters of enterprises said in 2020 that open networks and white boxes would give them best of breed options, but what’s happened since then seems like a blast from the past, vendor-wise.Let’s start with an interesting truth. Well over 95% of established enterprises who can look back to the origins of their networks say that they started off with a single-vendor network. Enterprises who launched within the last five years (which are very few) account for almost all those who didn’t start off with one vendor. If you think about it, this is logical, because starting off with networking is daunting enough without adding in the complication of network integration and the management of multiple sources of technology.To read this article in full, please click here

0

Tech Bytes: Automating Network Administration At Scale With BackBox (Sponsored)

Today's Tech Bytes podcast gets into network automation with sponsor BackBox. BackBox’s approach to automation is to focus on network engineers and integrate automation with how they already do their jobs. BackBox works with more than 180 network and security vendors.

0

Tech Bytes: Automating Network Administration At Scale With BackBox (Sponsored)

Today's Tech Bytes podcast gets into network automation with sponsor BackBox. BackBox’s approach to automation is to focus on network engineers and integrate automation with how they already do their jobs. BackBox works with more than 180 network and security vendors.

The post Tech Bytes: Automating Network Administration At Scale With BackBox (Sponsored) appeared first on Packet Pushers.

0

Geopolitics and Climate Change Heighten Undersea Cable Concerns

Global political unrest and climate change are bringing new attention to the fragility of the undersea cable networks that carry about 95% of international digital traffic.

0

Network Break 421: Huawei Is Both In And Out Of German Networks; Hot-Desking Rubs Hybrid Workers Wrong

Take a Network Break! On today's episode we discuss a record quarter for switch sales, examine Germany's mixed signals about allowing Huawei gear in its networks, and debate whether employees' frustration over Google's desk-sharing plan is just entitled whining or a legitimate complaint. Plus more IT news.

0

Network Break 421: Huawei Is Both In And Out Of German Networks; Hot-Desking Rubs Hybrid Workers Wrong

Take a Network Break! On today's episode we discuss a record quarter for switch sales, examine Germany's mixed signals about allowing Huawei gear in its networks, and debate whether employees' frustration over Google's desk-sharing plan is just entitled whining or a legitimate complaint. Plus more IT news.

The post Network Break 421: Huawei Is Both In And Out Of German Networks; Hot-Desking Rubs Hybrid Workers Wrong appeared first on Packet Pushers.

0

Enhancing/Maximizing your Scaling capability with Automation Controller 2.3

Red Hat Ansible Automation Platform 2 is the next generation automation platform from Red Hat’s trusted enterprise technology experts. We are excited to announce that the Ansible Automation Platform 2.3 release includes automation controller 4.3.

In the previous blog, we saw that automation controller 4.1 provides significant performance improvements as compared to Red Hat Ansible Tower 3.8. Automation controller 4.3 is taking that one step further. We will elaborate on an important change with callback receiver workers in automation controller 4.3 and how it can have an impact on the performance.

 

Callback Receiver

The callback receiver is the process in charge of transforming the standard output of Ansible into serialized objects in the automation controller database. This enables reviewing and querying results from across all your infrastructure and automation.  This process is I/O and CPU intensive and requires performance considerations.

Every control node in automation controller has a callback receiver process. It receives job events that result from Ansible jobs. Job events are JSON structures, created when Ansible calls the runner callback plugin hooks. This enables Ansible to capture the result of a playbook run. The job event data structures contain Continue reading

0

Top 50 most impersonated brands in phishing attacks and new tools you can use to protect your employees from them

Someone in your organization may have just submitted an administrator username and password for an internal system to the wrong website. And just like that, an attacker is now able to exfiltrate sensitive data.

How did it all happen? A well crafted email.

Detecting, blocking, and mitigating the risks of phishing attacks is arguably one of the hardest challenges any security team is constantly facing.

Starting today, we are opening beta access to our new brand and anti-phishing tools directly from our Security Center dashboard, allowing you to catch and mitigate phishing campaigns targeting your organization even before they happen.

The challenge of phishing attacks

Perhaps the most publicized threat vector over the past several months has been phishing attacks. These attacks are highly sophisticated, difficult to detect, becoming more frequent, and can have devastating consequences for businesses that fall victim to them.

One of the biggest challenges in preventing phishing attacks is the sheer volume and the difficulty of distinguishing legitimate emails and websites from fraudulent ones. Even when users are vigilant, it can be hard to spot the subtle differences that attackers use to make their phishing emails and websites look convincing.

For example, last July our Cloudflare Continue reading

0

How to stay safe from phishing

As you wake up in the morning feeling sleepy and preoccupied, you receive an urgent email from a seemingly familiar source, and without much thought, you click on a link that you shouldn't have. Sometimes it’s that simple, and this more than 30-year-old phishing method means chaos breaks loose – whether it’s your personal bank account or social media, where an attacker also begins to trick your family and friends; or at your company, with what could mean systems and data being compromised, services being disrupted, and all other subsequent consequences. Following up on our “Top 50 Most Impersonated Brands in phishing attacks” post, here are some tips to catch these scams before you fall for them.

We’re all human, and responding to or interacting with a malicious email remains the primary way to breach organizations. According to CISA, 90% of cyber attacks begin with a phishing email, and losses from a similar type of phishing attack, known as business email compromise (BEC), are a $43 billion problem facing organizations. One thing is for sure, phishing attacks are getting more sophisticated every day thanks to emerging tools like AI chatbots and the expanded usage of various communication Continue reading