What’s new in Calico Enterprise 3.14: WAF, Calico CNI on AKS, and support for RKE2

At Tigera, we strive to innovate at every opportunity thrown at us and deliver what you need! We have listened to what users ask and today we are excited to announce the early preview of Calico Enterprise 3.14. From new capabilities to product supportability and extending partnerships with our trusted partners, let’s take a look at some of the new features in this release.

Web application firewall (WAF)

Web applications are a critical aspect of any business, whether they are public facing or internal. There has been a fundamental shift in the way these applications are developed—as they have become more container-based and API-based, we refer to these as cloud-native applications.

To keep these modern web applications secure, we need to analyze all HTTP communication and block any malicious traffic traversing the web application. However, in a cloud-native environment, we can’t achieve this using simple network policies or by using perimeter network firewalls. Instead, a cloud-native web application firewall (WAF) would be necessary.


Fig. 1: Service annotation for workload-based WAF using Calico

This is why we have introduced a cloud-native WAF into Calico Enterprise that’s different from the traditional WAFs you may know. While most traditional WAFs are deployed Continue reading

HS025 Did You Know Your IT is a Crime Scene ?

Does planning for cybersecurity failure include the concept of 'crime scene' ? Can you provide evidence to an external investigation sufficient to get justice or simply prove to insurance investigator that you met the policy requirements ? Should you be lobbying governments ? How does this drive your cyber spending - defense, microsegmentation, detection or evidence collection ?

HS025 Did You Know Your IT is a Crime Scene ?

Does planning for cybersecurity failure include the concept of 'crime scene' ? Can you provide evidence to an external investigation sufficient to get justice or simply prove to insurance investigator that you met the policy requirements ? Should you be lobbying governments ? How does this drive your cyber spending - defense, microsegmentation, detection or evidence collection ?

The post HS025 Did You Know Your IT is a Crime Scene ? appeared first on Packet Pushers.

Let’s celebrate the 8th anniversary of Project Galileo!

Let’s celebrate the 8th anniversary of Project Galileo!

This post is also available in 日本語, Deutsch, Français, Español and Português.

Let’s celebrate the 8th anniversary of Project Galileo!

We started Project Galileo in 2014 with the simple idea that organizations that work in vulnerable yet essential areas of human rights and democracy building should not be taken down because of cyber attacks. In the past eight years, this idea has grown to more than just keeping them secure from a DDoS attack, but also how to foster collaboration with civil society to offer more tools and support to these groups. In March 2022, after the war in Ukraine started, we saw an increase in applications to Project Galileo by 177%.

Read ahead for details on all of our eighth anniversary announcements:

  • Two new civil society partners helping choose participants
  • New insights on attack patterns using data from Cloudflare Radar
  • A portal designed to ease onboarding for Galileo participants
  • Details on our sessions at RightsCon this week
  • New case studies highlighting Galileo participants and the important work they are doing

Announcing two new Project Galileo partners

This year, we are excited to welcome two new partners, International Media Support and CyberPeace Institute. As we introduce new partners, we are able to expand the project Continue reading

MLAG Deep Dive: Dynamic MAC Learning

In the first blog post of the MLAG Technology Deep Dive series, we explored the components of an MLAG system and the fundamental control plane requirements.

This post focuses on a major building block of the layer-2 data plane functionality: MAC learning. We’ll keep using the same network topology with two switches and five hosts, and assume our system tries its best to implement hot-potato switching (sending the frames toward the destination MAC address on the shortest possible path).

Read more …

MLAG Deep Dive: Dynamic MAC Learning

In the first blog post of the MLAG Technology Deep Dive series, we explored the components of an MLAG system and the fundamental control plane requirements.

This post focuses on a major building block of the layer-2 data plane functionality: MAC learning. We’ll keep using the same network topology with two switches and five hosts, and assume our system tries its best to implement hot-potato switching (sending the frames toward the destination MAC address on the shortest possible path).

Read more …

RSA: Cisco launches SASE, offers roadmap for other cloud-based services

Cisco made a variety of security upgrades at the RSA Conference designed to move security operation to the cloud, improve its Secure Access Service Edge offering and offer new simplified security end point control.The biggest piece of the Cisco roll out was a new overarching security platform called the Cisco Security Cloud will include unified management and policies, and offer open APIs to help grow a multivendor security ecosystem. Cisco defines the  Security Cloud as a “multi-year strategic vision for the future of security.” It is an ongoing journey that began several years ago and Cisco will continue delivering upon the key tenets of this vision with a consistent roadmap. The cloud will be made up of existing products like Umbrella and offerings from Duo, other features will be developed in the future.To read this article in full, please click here

RSA: Cisco launches SASE, offers roadmap for other cloud-based services

Cisco made a variety of security upgrades at the RSA Conference designed to move security operation to the cloud, improve its Secure Access Service Edge offering and offer new simplified security end point control.The biggest piece of the Cisco roll out was a new overarching security platform called the Cisco Security Cloud will include unified management and policies, and offer open APIs to help grow a multivendor security ecosystem. Cisco defines the  Security Cloud as a “multi-year strategic vision for the future of security.” It is an ongoing journey that began several years ago and Cisco will continue delivering upon the key tenets of this vision with a consistent roadmap. The cloud will be made up of existing products like Umbrella and offerings from Duo, other features will be developed in the future.To read this article in full, please click here

RSA: Cisco launches SASE, offers roadmap for other cloud-based services

Cisco made a variety of security upgrades at the RSA Conference designed to move security operation to the cloud, improve its Secure Access Service Edge offering and offer new simplified security end point control.The biggest piece of the Cisco roll out was a new overarching security platform called the Cisco Security Cloud will include unified management and policies, and offer open APIs to help grow a multivendor security ecosystem. Cisco defines the  Security Cloud as a “multi-year strategic vision for the future of security.” It is an ongoing journey that began several years ago and Cisco will continue delivering upon the key tenets of this vision with a consistent roadmap. The cloud will be made up of existing products like Umbrella and offerings from Duo, other features will be developed in the future.To read this article in full, please click here

Ampere trials AmpereOne server processor with customers

Ampere Computing introduced the next generation of its Arm-based server processors and said it has begun sampling the chip to select customers.Former Intel president Renee James launched Ampere in 2018, and the company so far has released two processors aimed at cloud data centers: the 80-core Ampere Altra and the 128-core Ampere Altra Max. Those processors used cores licensed from Arm Holdings. But now, with the new AmphereOne chip, Ampere has created customized versions of the Arm processor cores to better tailor them to customer needs.  Read more: The three-way race for GPU dominance in the data centerTo read this article in full, please click here

Ampere trials AmphereOne server processor with customers

Ampere Computing introduced the next generation of its Arm-based server processors and said it has begun sampling the chip to select customers.Former Intel president Renee James launched Ampere in 2018, and the company so far has released two processors aimed at cloud data centers: the 80-core Ampere Altra and the 128-core Ampere Altra Max. Those processors used cores licensed from Arm Holdings. But now, with the new AmphereOne chip, Ampere has created customized versions of the Arm processor cores to better tailor them to customer needs.  Read more: The three-way race for GPU dominance in the data centerTo read this article in full, please click here

HTTP RFCs have evolved: A Cloudflare view of HTTP usage trends

HTTP RFCs have evolved: A Cloudflare view of HTTP usage trends
HTTP RFCs have evolved: A Cloudflare view of HTTP usage trends

Today, a cluster of Internet standards were published that rationalize and modernize the definition of HTTP - the application protocol that underpins the web. This work includes updates to, and refactoring of, HTTP semantics, HTTP caching, HTTP/1.1, HTTP/2, and the brand-new HTTP/3. Developing these specifications has been no mean feat and today marks the culmination of efforts far and wide, in the Internet Engineering Task Force (IETF) and beyond. We thought it would be interesting to celebrate the occasion by sharing some analysis of Cloudflare's view of HTTP traffic over the last 12 months.

However, before we get into the traffic data, for quick reference, here are the new RFCs that you should make a note of and start using:

  • HTTP Semantics - RFC 9110
    • HTTP's overall architecture, common terminology and shared protocol aspects such as request and response messages, methods, status codes, header and trailer fields, message content, representation data, content codings and much more. Obsoletes RFCs 2818, 7231, 7232, 7233, 7235, 7538, 7615, 7694, and portions of 7230.
  • HTTP Caching - RFC 9111
    • HTTP caches and related header fields to control the behavior of response caching. Obsoletes RFC 7234.
  • Continue reading
1 470 471 472 473 474 3,818