< ciso
brief />
Vendor and Hyperscaler Watch Banner

All news in category “Vendor and Hyperscaler Watch

4625 articles · page 95 of 232

Programmable SASE: Cloudflare Enables Real-Time Policies

🔧 Cloudflare outlines a truly programmable SASE that lets customers run real-time, inline logic at the edge to make decisions rather than just trigger alerts. Beyond basic APIs, webhooks, and Terraform, Cloudflare One and the Developer Platform enable invoking Workers on policy matches to enrich requests, call risk engines, inject headers, and route traffic with millisecond latency. The post describes managed and custom actions, demonstrates an automated device session revocation Worker, and previews deeper integration and custom action support through 2026.
read more →

CrowdStrike Earns NCSC CIR Assurance for Incident Response

🛡️CrowdStrike has been independently assessed and assured against the UK National Cyber Security Centre’s CIR Standard. The CrowdStrike certification confirms independent evaluation of provider capability, technical competence, and service delivery for incident handling across the UK and Europe. It reinforces the company's incident response services—breach response, retainers, and resilience work—powered by the Falcon platform.
read more →

Modernize Networking with Agile, Composable SASE Platform

🚀 Organizations are rethinking the corporate network as perimeter-less and AI-driven, and Cloudflare argues that an agile SASE approach is required to escape legacy fragmentation and operational silos. Cloudflare One is promoted as a composable, single-pass SASE platform built on a global network that runs concurrent security checks to eliminate service-chaining and enable consistent, enforceable policy. This week Cloudflare will publish technical deep-dives across identity, AI-driven signal processing, the autonomous edge, and unified enterprise modernization, and recommends incremental adoption starting with remote access, email protection, DNS filtering, and safe AI governance.
read more →

Project Helix: Automated Cloudflare One Onboarding

🧭 Project Helix automates onboarding for Cloudflare One, converting deployment expertise into reusable, language-aware Terraform templates and a Cloudflare Workers UI. In minutes, tenants receive baseline DNS, network, and HTTP security policies, TLS inspection options, and granular SaaS tenant controls. Administrators can toggle recommended protections to deploy consistent, error‑free configurations quickly.
read more →

Telecom Service Providers Must Build Secure AI Factories

🔒 Service providers face a generational opportunity to become AI factories, hosting high-performance, low-latency AI for enterprises while meeting sovereignty and compliance needs. Palo Alto Networks argues that securing these environments requires layered defenses from physical infrastructure through models and agents, combining ML-led NGFWs, Prisma AIRS, CyberArk and Cortex. The aim is real-time governance of data, nonhuman identities and autonomous agents to prevent poisoning, prompt injection and credential theft.
read more →

AWS Pricing for VPC Encryption Controls Moves to Paid

🔒 AWS is introducing pricing for VPC Encryption Controls, a regional capability that audits and enforces encryption-in-transit for traffic within and across Virtual Private Clouds. The feature supports Monitor mode to detect unencrypted flows and Enforce mode to prevent the creation or operation of resources that allow unencrypted traffic. Beginning March 1, 2026, AWS will apply a fixed hourly charge to every non-empty VPC with Encryption Controls enabled; empty VPCs enabled with the feature are not charged. When encryption is enabled on a Transit Gateway, standard VPC Encryption Controls charges apply to all VPCs attached to that Transit Gateway regardless of each VPC's mode or whether they are empty.
read more →

AWS MediaLive Adds SRT Listener Mode for Inputs/Outputs

🔒 AWS Elemental MediaLive now supports SRT Listener mode for both inputs and outputs, allowing MediaLive to wait for connections instead of initiating them. This simplifies networking by removing the need for outbound connections or static public IP addresses and complements existing SRT Caller mode. Listener inputs and outputs offer configurable latency and mandatory AES encryption and are available in all Regions where MediaLive is offered.
read more →

Amazon Lightsail Adds WordPress Blueprint with IMDSv2

🚀 Amazon Lightsail now provides a new WordPress blueprint that streamlines launching and managing a site with a guided setup wizard. The VPS image comes preinstalled and enforces IMDSv2 by default for improved instance metadata security. From the console you can attach a static IP, configure DNS, and enable HTTPS with a free Let's Encrypt certificate within minutes.
read more →

EC2 Image Builder: wildcard lifecycle policies, IAM defaults

🔧 EC2 Image Builder now supports wildcard patterns in lifecycle policies so teams can apply retention and cleanup rules across multiple image recipes with a single policy. The console also simplifies IAM role creation by pre-populating required default permissions for lifecycle management. These enhancements reduce manual configuration, lower the risk of misconfiguration, and make it easier to scale image lifecycle operations as new recipes are added. Lifecycle Policies are available in all commercial AWS regions.
read more →

Amazon ARC Region Switch adds post-recovery and RDS blocks

🔁 Amazon Application Recovery Controller (ARC) Region switch now includes post-recovery workflows, native Amazon RDS execution blocks, and support in the AWS provider for Terraform. The update automates failover and the subsequent recovery preparation steps to reduce manual coordination and lower error risk. Post-recovery workflows support Lambda actions, RDS read-replica creation, nested ARC plans, and manual approvals, and can be triggered for active/passive deployments. Terraform support enables DR plans as Infrastructure-as-Code for CI/CD integration.
read more →

Microsoft tests Windows 11 batch-file security mode

🔒 Microsoft is rolling out Windows 11 Insider Preview builds that introduce a secure processing mode for batch files and CMD scripts. Administrators can enable the feature via the LockBatchFilesInUse registry value under HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor or via the LockBatchFilesWhenInUse manifest control. When enabled, batch files cannot be modified while executing and signature validation runs once rather than per statement, improving both security and performance for scripted enterprise workflows.
read more →

AWS Network Firewall Adds EventBridge State Notifications

🔔 AWS Network Firewall now emits real-time state change and configuration notifications via Amazon EventBridge. This integration reports updates across AWS Managed Rules, Partner Managed Rules, and firewall configurations so security and ops teams can centralize monitoring. With EventBridge you can route events to Amazon SNS, ITSM ticketing, or third‑party SIEMs to automate alerts and accelerate response.
read more →

Amazon Bedrock Batch Inference Adds Converse API Support

🔁 Amazon Bedrock batch inference now accepts the Converse API as a model invocation type, letting you submit batch inputs in a consistent, model-agnostic Converse request format and receive outputs in the Converse response format. This unifies real-time and batch request formats, simplifying prompt management and reducing the effort of switching between models. You can configure the Converse invocation type through the Bedrock console or API, and the capability is available in all Regions that support Bedrock batch inference.
read more →

CloudWatch log centralization supports custom groups

🔧 Amazon CloudWatch now lets administrators customize destination log group names when creating log centralization rules, using attributes such as account ID, region, log group name, organization ID, organizational unit ID, root ID, or the full organizational path. Patterns like ${source.accountId}/${source.region}/${source.logGroup} produce readable hierarchies (for example, 123456789012/us-east-1/cloudtrail/managementevent). The feature is available in all centralization rules supported regions. One centralized copy is ingested for free; additional copies (including backup-region copies) are charged at $0.05/GB and storage fees apply.
read more →

AWS RAM supports retaining shares when accounts move

🔒 AWS Resource Access Manager (RAM) now provides a resource share configuration that preserves shared access when accounts move between AWS Organizations. The new RetainSharingOnAccountLeaveOrganization parameter and the ram:RetainSharingOnAccountLeaveOrganization condition key allow administrators to retain access to resources such as Route53 Resolver Rules, Transit Gateways, and IPAM pools when accounts leave an organization. Security teams can enforce the setting using Service Control Policies (SCPs). RAM will treat moved accounts as external principals, requiring explicit invitation acceptance to maintain access. This capability is available in all AWS commercial Regions at no additional cost.
read more →

Chrome: Merkle Tree Certificates for quantum-safe HTTPS

🔐 Chrome announces a staged program to support quantum-resistant HTTPS by adopting Merkle Tree Certificates (MTCs), which replace long X.509 signature chains with compact Merkle inclusion proofs. The approach reduces bandwidth costs and decouples cryptographic strength from transmitted size, preserving TLS performance. Chrome is testing MTCs with Cloudflare and plans phased deployment with a new Chrome Quantum-resistant Root Store.
read more →

Combat API Sprawl with Apigee API Hub Integration Now

🤖 Apigee API Hub and API Gateway now integrate to centralize dispersed API metadata and make specs agent-ready. A new API Gateway–API Hub sync brings OpenAPI definitions and gateway configurations into a single control plane without changing existing services or client behavior. The spec boost add-on analyzes gaps and produces a specboost-draft that enriches specs with examples, parameter validation, and error details. Teams can review boosted and original specs side-by-side before adopting changes.
read more →

How Google Addresses Critical Security Topics, 2026

🛡️ Royal Hansen, VP Engineering at Google, outlines how Google Cloud is confronting emergent cybersecurity risks as AI reshapes the threat landscape. He emphasizes AI-powered malware, supply-chain and training-data poisoning, and governance challenges tied to loss-of-control of AI infrastructure. Google is advancing controls—tamper-proof provenance, model-level protections, Identity and Access Management, and treating prompts like code—while rolling out agentic workflows to augment SOC teams. The post also consolidates recent threat intelligence, incident responses, and practitioner resources.
read more →

Polyglot Storage for Chatbot Memory on Google Cloud

🧠 This article describes a polyglot storage pattern on Google Cloud to preserve conversational continuity for scaled chatbots. It recommends Memorystore for Redis for sub‑millisecond short‑term context, Cloud Bigtable as a petabyte‑scale mid‑term system of record, and BigQuery for long‑term archival and analytics. The design delegates unstructured artifacts to Cloud Storage and uses an async pipeline to balance low latency and durable persistence. Practical configuration and migration pointers help teams implement responsive, analyzable agent memory.
read more →

Eventarc Advanced: Centralized Policy, Distributed Logic

🔒 Eventarc Advanced is Google Cloud’s serverless eventing platform that separates centralized governance from distributed processing to balance SecOps control with developer autonomy. The platform uses a managed bus to enforce IAM, content-based access control, VPC Service Controls and required metadata while team-owned pipelines perform schema-aware transforms, format conversion, retries and destination auth. Generally available in August 2025, it addresses historical ESB and EDA governance gaps by combining fine-grained policy with team-level integration logic.
read more →