Decision making, especially in large organizations, fails in many interesting ways. Understanding these failure modes can help us cope with seemingly difficult situations, and learn how to make decisions better. On this episode of the Hedge, Frederico Lucifredi, Ethan Banks, and Russ White discuss Frederico’s thoughts on developing a taxonomy of indecision. You can find his presentation on this topic here.
Newly anointed Intel chief executive officer Pat Gelsinger held the coming out party for his strategy to get the world’s largest chip manufacturer and designer back on track, called “Intel Unleashed: Engineering The Future,” on Tuesday after the market closed. …
Intel Decides To Engineer Its Fab-Filled Future After All was written by Timothy Prickett Morgan at The Next Platform.
Gartner is bullish on the SONiC network OS, but three things need to happen if enterprises are going to adopt SONiC in significant numbers.
The post 3 Things SONiC Needs To Flourish In The Enterprise appeared first on Packet Pushers.
The security industry needs to wake up. Today’s attackers are too numerous and too determined to get caught by simple perimeter defenses. It’s no longer a matter of if an attack will be successful, it’s a matter of when. Security pros need to recognize this reality, stop using archaic detect and respond approaches to secure the enterprise, and start focusing on blocking the spread of attacks once they make that initial breach.
Changing the industry won’t be easy. It will require a bold step — one that we believe we’ve taken at VMware with our distributed, software-defined approach to enterprise security. This approach gives us the ability to operationalize east-west security at scale, simplify the implementation of segmentation in just a few steps, and insert advanced threat prevention inside the data center.
We’ll showcase these latest security advances on Thursday, March 25, starting at at 2:00 pm PST. Broadcasting live around the world during Security Field Day 5, NSX security experts will run through simple, practical steps that security teams can take to meet Continue reading
HashiCorp Vault is a management tool that stores and controls access to sensitive data (passwords, certificates, API keys, and so on). Today's Day Two Cloud is a deep dive on Vault and its use cases. This is an unsponsored show that came together unexpectedly due to a scheduling issue.
The post Day Two Cloud 090: Hashicorp Vault For Beginners appeared first on Packet Pushers.
While securing the high-end particle physics market segment is not likely to push any of the AI/ML ASICS into competition with GPUs anytime soon, the chipmakers that can prove their value on some of the most demanding, real-time AI workloads can capture some serious mindshare. …
Graphcore Shows GAN Gains for CERN was written by Nicole Hemsoth at The Next Platform.
Overlay Networks are not new by any means but are becoming more and more main-stream across multiple places-in-the-network (PINs). While...
The post What to Know About Data Center Overlay Networks appeared first on Pluribus Networks.
Today, we’re excited to announce that your team can use Cloudflare’s network to build Zero Trust controls over the data in your enterprise - wherever it lives and however it moves.
Stopping data loss is difficult for any team and that challenge has become harder as users have left offices and data has left on-premise storage centers. Enterprises can no longer build a simple castle-and-moat around their data. Users now connect from any location on the planet to applications that live in environments outside of that enterprise’s control.
We have talked to hundreds of customers who have resorted to applying stopgap measures to try and maintain that castle-and-moat model in some form, but each of those band-aids slow down their users or drive up costs - or both. Almost all of the short-term options available combine point solutions that ultimately force traffic to backhaul through a central location.
Part of Cloudflare One, Cloudflare’s approach to data loss prevention relies on the same infrastructure and global network that accelerates user traffic to the Internet to also perform inline inspection against all traffic regardless of how it arrives on our network.
We also know that enterprises need more than just scanning Continue reading
API traffic is growing fast. Last year alone it grew 300% faster at our edge than web traffic. Because APIs power mobile and web applications, transmitting instructions as diverse as “order a pizza from my favourite restaurant using this credit card” or “place a cryptocurrency trade and these are my personal details”, they are ripe for data theft and abuse. Data exposure is listed as one of the top threats for API traffic by OWASP; this includes data leaks and exfiltration from origin responses (API Security TOP 10 threats 2019). The increase in API traffic and more frequent data attacks call for new security solutions.
Cloudflare’s security toolkit had always been designed to protect web and API traffic. However, after talking to hundreds of customers we realised that there is a need for easily deployed and configured security tools for API traffic in a single interface. To meet this demand, in October 2020 we launched API ShieldTM, a new product aimed at bringing together all security solutions designed for API traffic. We started by providing mTLS authentication to all Cloudflare users free of charge, gRPC support and Schema Validation in Beta. During the launch we laid Continue reading
Data exfiltration, or data loss, can be a very time-consuming and expensive ordeal causing financial loss, negative brand association, and penalties from privacy focused laws. Take for example, an incident where sensitive smart grid and metering R&D knowledge information from an industrial control system of a North American electric utility was exfiltrated through an attack that was suspected to have originated from inside the network. Unauthorized access to data from a utilities company can result in a compromised smart grid or power outages.
In another example, a security researcher found exposed and unknown (undocumented) API endpoints for Tesla’s Backup Gateway that could have been used to export data or make unauthorized changes. This would have had very real physical consequences had the unauthenticated API endpoint been used by an attacker to damage the battery or the connected electric grid.
Both these examples emphasize the importance of considering internal and external threats when thinking about how to protect a network from data exfiltration. An insider threat isn’t necessarily a user willfully causing harm: according to Fortinet’s 2019 Insider Threat Report, from the organizations surveyed 71% were concerned about a careless user causing an accidental Continue reading
TL&DR: Azure Route Server works as advertised. Setting it up is excruciatingly slow. You might want to start the process just before taking a long lunch break.
I decided to take Azure Route Server for a ride. Simple setup, two Networking Virtual Appliance (NVA) instances running Quagga to advertise a single prefix (just to see how multipathing works).
Here’s the diagram of what I set up:
TL&DR: Azure Route Server works as advertised. Setting it up is excruciatingly slow. You might want to start the process just before taking a long lunch break.
I decided to take Azure Route Server for a ride. Simple setup, two Networking Virtual Appliance (NVA) instances running Quagga to advertise a single prefix (just to see how multipathing works).
Here’s the diagram of what I set up:
The server market is a multi-cylinder engine, with eight major hyperscalers and cloud builders all doing their thing almost independently of each other and of the economic conditions at large and the rest of the market being more subject to the waxing and waning of the economic tides. …
Server Sales Boom In China, Bleed Air Elsewhere was written by Timothy Prickett Morgan at The Next Platform.
While those working in the network engineering world are quite familiar with the expression “it is always something!,” defining this (often exasperated) declaration is a little trickier. The wise folks in the IETF, however, have provided a definition in RFC1925. Rule 7, “it is always something,” is quickly followed with a corollary, rule 7a, which says: “Good, Fast, Cheap: Pick any two (you can’t have all three).”
You can either quickly build a network which works well and is therefore expensive, or take your time and build a network that is cheap and still does not work well, or… Well, you get the idea. There are many other instances of these sorts of three-way tradeoffs in the real world, such as the (in)famous CAP theorem, which states a database can be consistent, available, and partitionable (or partitioned). Eventual consistency, and problems from microloops to surprise package deliveries (when you thought you ordered one thing, but another was placed in your cart because of a database inconsistency) have resulted. Another form of this three-way tradeoff is the much less famous, but equally true, state, optimization, surface tradeoff trio in network design.
It is possible, however, to build a system Continue reading
We are excited to announce the latest feature for Docker Pro and Team users, our new Advanced Image Management Dashboard available on Docker Hub. The new dashboard provides developers with a new level of access to all of the content you have stored in Docker Hub providing you with more fine grained control over removing old content and exploring old versions of pushed images.
Historically in Docker Hub we have had visibility into the latest version of a tag that a user has pushed, but what has been very hard to see or even understand is what happened to all of those old things that you pushed. When you push an image to Docker Hub you are pushing a manifest, a list of all of the layers of your image, and the layers themselves.
When you are updating an existing tag, only the new layers will be pushed along with the new manifest which references these layers. This new manifest will be given the tag you specify when you push, such as bengotch/simplewhale:latest. But this does mean that all of those old manifests which point at the previous layers that made up your image are removed from Hub. These Continue reading