On findingballoons in data center networks micro-detection using adaptive ➰ feedback loops ♻

Using #SRLinux for flexible decentralized DDoS attack detection #SecDevOps

A distributed problem (“attack”) may require a distributed solution (source)

Distributed Denial of Service (DDoS) attacks continue to be a major problem for many network operators and their customers. As in most networking problems, the key issue is scale: Attackers are able to mount an amplified attack using many (N) sources to send large (M) payloads to a single (1) target server, causing link and CPU saturation and system overload

N*M >> 1 ~> overloaded system(s) and unhappy customers

Much like security in general, solving DDoS attacks is a continuous process, not a one-time product or solution deployment. While most operators have deployed DDoS mitigation solutions, there will — unfortunately — always come a time where the current solution falls short, and something else or more is needed.

#DevSecOps: Shortening feedback loops

Feedback loops (credit: Peter Phaal / Tim Cochran)

Back in 2011 Peter Phaal wrote a blog about “Delay and stability”. Even though more than a decade has passed since, one can easily see how triggers like AWS outages haven’t changed — these points remain relevant and valid today:
✅ Measurement(observability) plays a critical role in data centers; it is the
foundation for automation (more on this Continue reading

IDC MarketScape positions Cloudflare as a Leader among worldwide Commercial CDN providers

IDC MarketScape positions Cloudflare as a Leader among worldwide Commercial CDN providers
IDC MarketScape positions Cloudflare as a Leader among worldwide Commercial CDN providers

We are thrilled to announce that Cloudflare has been positioned in the Leaders category in the IDC MarketScape: Worldwide Commercial CDN 2022 Vendor Assessment(doc #US47652821, March 2022).

You can download a complimentary copy here.

The IDC MarketScape evaluated 10 CDN vendors based on their current capabilities and future strategies for delivering Commercial CDN services. Cloudflare is recognized as a Leader.

At Cloudflare, we release products at a dizzying pace. When we talk to our customers, we hear again and again that they appreciate Cloudflare for our relentless innovation. In 2021 alone, over the course of seven Innovation Weeks, we launched a diverse set of products and services that made our customers’ experiences on the Internet even faster, more secure, more reliable, and more private.

We leverage economies of scale and network effects to innovate at a fast pace. Of course, there’s more to our secret sauce than our pace of innovation. In the report, IDC notes that Cloudflare is “a highly innovative vendor and continues to invest in its competencies to support advanced technologies such as virtualization, serverless, AI/ML, IoT, HTTP3, 5G and (mobile) edge computing.” In addition, IDC also recognizes Cloudflare for its “integrated SASE offering (that) Continue reading

Full Stack Journey 064: Should You Embrace Chaos Engineering?

Maybe you've heard of chaos engineering, and you're curious about what it is. This episode will help you understand! Joining Scott for the Full Stack Journey is Cwen (Chengwen) Yin, a co-founder of the Chaos Mesh project. We define chaos engineering, discuss what it's supposed to accomplish, cover the major components of Chaos Mesh, and more.

The post Full Stack Journey 064: Should You Embrace Chaos Engineering? appeared first on Packet Pushers.

Juniper upgrades its intent-based software to embrace edge deployments

Juniper Networks has added features to it’s Apstra intent-based networking software it says will help customers secure and support smaller data centers at distributed edge networks. The Apstra software keeps a real-time repository of configuration, telemetry, and validation information to ensure the network is doing what IT teams want it to do.The software includes automation to provide consistent network and security policies for workloads across physical and virtual infrastructures. In addition, its baked-in analytics performs regular network checks to safeguard configurations. To read this article in full, please click here

Juniper upgrades its intent-based software to embrace edge deployments

Juniper Networks has added features to it’s Apstra intent-based networking software it says will help customers secure and support smaller data centers at distributed edge networks. The Apstra software keeps a real-time repository of configuration, telemetry, and validation information to ensure the network is doing what IT teams want it to do.The software includes automation to provide consistent network and security policies for workloads across physical and virtual infrastructures. In addition, its baked-in analytics performs regular network checks to safeguard configurations. To read this article in full, please click here

Unified Cloud Networking Changes the Game

Today we announced our Unified Cloud Networking vision, the industry’s first Unified Cloud Fabric solution and our partnership with NVIDIA. This truly changes the game for cloud network operators.

Last week I made the case that cloud networking needs a new vision in order to meet two strategic goals shared by cloud operators:

  1. Transform cloud networks to become as agile, highly available and simple to operate as the hyperscale public clouds.
  2. Move rapidly toward a new, more highly distributed networking and zero-trust security architecture to address increasing cybersecurity risks.

Just as importantly, we need new solutions to overcome the obstacles that prevent operators from achieving those goals, i.e. fragmented networks and incomplete solutions for security, automation and visibility.

Today, I outline how we have created the vision and solutions to overcome those obstacles and meet those goals. In a companion blog, Alessandro Barbieri dives deeper into the challenges we are addressing and how we are turning the vision into reality.

Introducing the Unified Cloud Networking Vision

Unified Cloud Networking solutions build on the Unified Cloud Fabric (the next generation of our proven Adaptive Cloud Fabric) to unify networks across multiple dimensions – switches and servers, overlay and underlay Continue reading

Pluribus Unified Cloud Networking: What, Why, How

Today, in partnership with NVIDIA, Pluribus launched the Unified Cloud Networking architecture aiming to transform the way CSPs, telcos and enterprises build and operate cloud networks with radical operational simplification, distributed security services integrated into the network, and significantly lower total cost of ownership (TCO) compared to existing solutions.

In this blog I discuss the networking and security challenges cloud operators are facing, and then describe how the Pluribus Unified Cloud Fabric™ addresses these challenges with a holistic approach to cloud networking including both the switching fabric and the compute virtualization fabric. I then explain how the Pluribus Netvisor® ONE network operating system (OS) integrates with the NVIDIA® Bluefield® data processing unit (DPU) hardware architecture to deliver a Unified Cloud Fabric across any workload environment (including ESXi, Hyper-V, Xen, KVM, bare metal, and Kubernetes), provide a zero-trust administration model between compute and network, and radically simplify the networking stack running on the server OS with better overall performance and lower TCO. Finally, I review the initial set of use cases Pluribus is delivering with the Early Field Trial (EFT) program starting next month.

The State of Cloud Networking: A Tale of Many Fabrics

Outside the largest public cloud providers, with Continue reading

Teaching Kubernetes To Do Fractions And Multiplication On GPUs

When any new abstraction layer comes to compute, it can only think in integers at first, and then it learns to do fractions and finally, if we are lucky – and we are not always lucky – that abstraction layer learns to do multiplication and scale out across multiple nodes as well as scaling in – slicing itself into pieces – within a single node.

Teaching Kubernetes To Do Fractions And Multiplication On GPUs was written by Timothy Prickett Morgan at The Next Platform.

Tracing the History of the Internet, Layer by Layer

Grace Andrews An enthusiastic technologist with a cross-cultural focus and experience managing, facilitating and executing entrepreneurial training and processes, Grace has a keen eye for public relations, marketing, consulting and networking. Did you know that the fiber cables that helped bring you this web page may be buried inside a pipeline originally built to carry oil and gas? Or that Cold War military researchers were instrumental in birthing the concepts that gave rise to those cables in the first place? How about the fact that people once tried to build their own cellular phone networks using analog modems? Few of the people who use the internet daily, from those creating GitHub repos to those simply scrolling through Twitter, are aware of the fascinating backstory of the physical infrastructure that makes it all work. The idea behind Apple, RSS. For more creative content by and about the humans that build and scale the internet, follow Twitter, Instagram. Finally, be sure to check out the

WAF for everyone: protecting the web from high severity vulnerabilities

WAF for everyone: protecting the web from high severity vulnerabilities
WAF for everyone: protecting the web from high severity vulnerabilities

At Cloudflare, we like disruptive ideas. Pair that with our core belief that security is something that should be accessible to everyone and the outcome is a better and safer Internet for all.

This isn’t idle talk. For example, back in 2014, we announced Universal SSL. Overnight, we provided SSL/TLS encryption to over one million Internet properties without anyone having to pay a dime, or configure a certificate. This was good not only for our customers, but also for everyone using the web.

In 2017, we announced unmetered DDoS mitigation. We’ve never asked customers to pay for DDoS bandwidth as it never felt right, but it took us some time to reach the network size where we could offer completely unmetered mitigation for everyone, paying customer or not.

Still, I often get the question: how do we do this? It’s simple really. We do it by building great, efficient technology that scales well—and this allows us to keep costs low.

Today, we’re doing it again, by providing a Cloudflare WAF (Web Application Firewall) Managed Ruleset to all Cloudflare plans, free of charge.

Why are we doing this?

High profile vulnerabilities have a major impact across the Internet affecting organizations of Continue reading

Cloudflare Zaraz supports CSP

Cloudflare Zaraz supports CSP
Cloudflare Zaraz supports CSP

Cloudflare Zaraz can be used to manage and load third-party tools on the cloud, achieving significant speed, privacy and security improvements. Content Security Policy (CSP) configuration prevents malicious content from being run on your website.

If you have Cloudflare Zaraz enabled on your website, you don’t have to ask yourself twice if you should enable CSP because there’s no harmful collision between CSP & Cloudflare Zaraz.

Why would Cloudflare Zaraz collide with CSP?

Cloudflare Zaraz, at its core, injects a <script> block on every page where it runs. If the website enforces CSP rules, the injected script can be automatically blocked if inline scripts are not allowed. To prevent this, at the moment of script injection, Cloudflare Zaraz adds a nonce to the script-src policy in order for everything to work smoothly.

Cloudflare Zaraz supports CSP enabled by using both Content-Security-Policy headers or Content-Security-Policy <meta> blocks.

What is CSP?

Content Security Policy (CSP) is a security standard meant to protect websites from Cross-site scripting (XSS) or Clickjacking by providing the means to list approved origins for scripts, styles, images or other web resources.

Although CSP is a reasonably mature technology with most modern browsers already implementing the standard, less Continue reading

Security for SaaS providers

Security for SaaS providers
Security for SaaS providers

Some of the largest Software-as-a-Service (SaaS) providers use Cloudflare as the underlying infrastructure to provide their customers with fast loading times, unparalleled redundancy, and the strongest security — all through our Cloudflare for SaaS product. Today, we’re excited to give our SaaS providers new tools that will help them enhance the security of their customers’ applications.

For our Enterprise customers, we’re bringing WAF for SaaS — the ability for SaaS providers to easily create and deploy different sets of WAF rules for their customers. This gives SaaS providers the ability to segment customers into different groups based on their security requirements.

For developers who are getting their application off the ground, we’re thrilled to announce a Free tier of Cloudflare for SaaS for the Free, Pro, and Biz plans, giving our customers 100 custom hostnames free of charge to provision and test across their account. In addition to that, we want to make it easier for developers to scale their applications, so we’re happy to announce that we are lowering our custom hostname price from \$2 to \$0.10 a month.

But that’s not all! At Cloudflare, we believe security should be available for all. That’s why we’re extending a Continue reading

Improving the WAF with Machine Learning

Improving the WAF with Machine Learning
Improving the WAF with Machine Learning

Cloudflare handles 32 million HTTP requests per second and is used by more than 22% of all the websites whose web server is known by W3Techs. Cloudflare is in the unique position of protecting traffic for 1 out of 5 Internet properties which allows it to identify threats as they arise and track how these evolve and mutate.

The Web Application Firewall (WAF) sits at the core of Cloudflare's security toolbox and  Managed Rules are a key feature of the WAF. They are a collection of rules created by Cloudflare’s analyst team that block requests when they show patterns of known attacks. These managed rules work extremely well for patterns of established attack vectors, as they have been extensively tested to minimize both false negatives (missing an attack) and false positives (finding an attack when there isn’t one). On the downside, managed rules often miss attack variations (also known as bypasses) as static regex-based rules are intrinsically sensitive to signature variations introduced, for example, by fuzzing techniques.

We witnessed this issue when we released protections for log4j. For a few days, after the vulnerability was made public, we had to constantly update the rules to match variations and mutations as Continue reading

A new WAF experience

A new WAF experience
A new WAF experience

Around three years ago, we brought multiple features into the Firewall tab in our dashboard navigation, with the motivation “to make our products and services intuitive.” With our hard work in expanding capabilities offerings in the past three years, we want to take another opportunity to evaluate the intuitiveness of Cloudflare WAF (Web Application Firewall).

Our customers lead the way to new WAF

The security landscape is moving fast; types of web applications are growing rapidly; and within the industry there are various approaches to what a WAF includes and can offer. Cloudflare not only proxies enterprise applications, but also millions of personal blogs, community sites, and small businesses stores. The diversity of use cases are covered by various products we offer; however, these products are currently scattered and that makes visibility of active protection rules unclear. This pushes us to reflect on how we can best support our customers in getting the most value out of WAF by providing a clearer offering that meets expectations.

A few months ago, we reached out to our customers to answer a simple question: what do you consider to be part of WAF? We employed a range of user research methods including Continue reading

TOP 25 in Cisco IT Blog Awards

It was a year of big changes in every way. I was fortunate enough to be surrounded by great professionals working on huge projects and then even to get the chance to switch to some completely new technologies that I never really worked with before. It was great, it is still very intense and from my perspective, all changes were for the better. But as with all periods with a lot of action, all those draft articles on this blog’s queue didn’t yield as much new material as I wanted. It was a year of almost no writing but a

The post TOP 25 in Cisco IT Blog Awards appeared first on How Does Internet Work.

Marvell’s newest Arm processor integrates 5G hardware accelerators

In the battle between Intel and AMD, it can be easy to overlook Marvell Technology, but you shouldn’t. Through acquisition and organic growth, the company has turned into quite a powerhouse playing in multiple areas.Marvell is the first major vendor to support the Arm on 5G initiative that Arm unveiled last October, when it launched the Arm 5G Solutions Lab. The lab is designed to let hardware and software partners work on 5G-based products running on Arm architecture. Read more: SmartNICs set to infiltrate enterprise networksTo read this article in full, please click here

1 543 544 545 546 547 3,833