News Roundup: Week of Sep 22, 2019

26 Sep 2019

Feature Release of VNS3 Controller 4.8.0

We are very excited to announce the 4.8.2 release of our VNS3 controller! Version 4.8 includes a new API for dynamically configuring traffic monitoring on VNS3 as well as custom webhook alerts for real-time alerts on your network. Cloud meta-data was integrated to improve security of default passwords and adapter/address discovery. Enhancements were also made to the API system and time access URLs from our 4.6.1 release. This latest version of our VNS3 controller is currently available in the AWS and Azure marketplaces. Please check out the release notes for a full list of features and optimizations, and keep an eye out for upcoming feature-focused video briefs!

McAfee Reports Only 1% of Cloud Misconfigurations Are Caught

A recent survey from McAfee “[demonstrates] that 99 percent of IaaS misconfigurations go unnoticed.” The survey of 1,000 enterprise organizations worldwide exposed cloud misconfigurations as the dominant threat to network security. According to Yahoo Finance, “IaaS breaches don’t look like your typical malware incident, instead leveraging native features of cloud infrastructure to land the attack, expand to adjacent cloud instances, and exfiltrate sensitive data.”

According to Yahoo Finance, the key findings of the report are:

  • Cloud-Native Breaches are not like the typical malware-based attacks of the past, instead capitalizing on misconfigured, native features of the cloud
  • Only one percent of misconfiguration incidents in IaaS are known—companies claim they average 37 per month, when in reality they experience 3,500
  • Data loss prevention incidents in IaaS increased 248 percent YoY

In light of this report, TechRepublic suggests the following:

  • Build IaaS configuration auditing into your CI/CD process
  • Evaluate your IaaS security practice using a framework like Land-Expand-Exfiltrate
  • Invest in cloud-native security tools, and training for security teams

In both cases, the emphasis is on increasing communication about, and understanding of, this new type of breach, the Cloud-Native Breach (CNB), and the potential vulnerabilities created by cloud misconfigurations. Designing a network with a simple (not simplistic) approach to cloud security that is easy to implement and maintain (see VNS3) is essential to avoiding a misconfiguration.

5G Potential for India and Huawei

With the deployment of 5G spectrum-based trials on the horizon for India, The Economic Times released an article discussing the renewed scrutiny of Huawei’s potential involvement in the project. Huawei brings “more than 2,500 standard essential patents for 5G” to the table and is “[advocating] to the industry to sign [a] ‘no backdoor’ agreement with the Indian government” as it works to solidify its official participation in the project.

Published on the same day by Forbes is an article written by Andy Purdy, CEO of Huawei Technologies USA, titled “Why 5G Can Be More Secure Than 4G.” The article is optimistic about the security of 5G, reassuring readers that “5G maintains a clear separation between RAN and core” even though “some 5G applications do push computing power to the network edge.”

Department of Defense Embraces Zero Trust Model

The US Department of Defense released an article urging users to “Assume Networks are Compromised.” The article supports the trend towards implementing a zero trust model as opposed to a “perimeter defense model.” When faced with the reality that “there is no secure system,” microsegmentation of your network can provide a lattice of security within a network that prevents an intruder from freely traversing a compromised network.

Edge Computing Considerations

In a Forbes article discussing edge computing, especially as it relates to the possibilities of 5G networks, Irina Farooq from Kinetica lays out “5 strategies for leveraging edge computing for enterprise applications.” These strategies are: focus on the application use cases; understand your options; make explicit decisions about security, privacy, and governance; develop the right data and machine learning strategy; and be prepared to learn and adapt. The article emphasizes informed, careful, and explicit decision-making when it comes to “[processing] data close to the end user.”