<ciso brief />

All news with #infrastructure security tag

161 articles · page 3 of 9

Blueprint for Securing AI Data Centers and Factories

🧠 This article presents a blueprint architecture for securing AI data centers and AI factories as enterprises shift from consuming AI to producing it. It explains how organizations can protect LLMs, data pipelines, and compute infrastructure against emerging, AI-specific threats by combining network segmentation, identity and access controls, data governance, and advanced threat prevention. Check Point emphasizes operational practices and industrial-grade security controls to enable secure, revenue-generating AI deployments.

Amazon EKS Adds 99.99% SLA and 8XL Control Plane Tier

🔒 Amazon EKS now offers a 99.99% Service Level Agreement for clusters running on the Provisioned Control Plane, up from the 99.95% SLA on the standard control plane. The upgraded SLA is measured in 1-minute intervals to deliver a more granular availability commitment for mission-critical workloads. At the same time, EKS introduces an 8XL scaling tier that doubles Kubernetes API server request processing capacity compared with the 4XL tier. Both the new SLA and the 8XL tier are available today in all regions where the Provisioned Control Plane is offered.

AWS Neuron DRA Driver Adds Hardware-Aware Scheduling

🔧 AWS announced the Neuron Dynamic Resource Allocation (DRA) driver for Amazon EKS, enabling Kubernetes-native, hardware-aware scheduling on Trainium-based instances. The driver publishes detailed device attributes — including hardware topology and Neuron-EFA PCIe co-location — directly to the Kubernetes scheduler, removing the need for custom scheduler extensions. Infrastructure teams can publish reusable ResourceClaimTemplates, while ML engineers reference them to deploy workloads without manual hardware tuning.

Amazon EC2 C8gn Instances Expand to Additional Regions

🚀 Amazon Web Services has expanded availability of Amazon EC2 C8gn instances—powered by the latest-generation AWS Graviton4 processors—to additional regions including Jakarta, Hyderabad, Tokyo, São Paulo, and Zurich. C8gn provides up to 30% better compute performance versus Graviton3-based C7gn instances, and uses 6th-generation Nitro Cards to deliver up to 600 Gbps network bandwidth. Instance sizes scale to 48xlarge with up to 384 GiB of memory, up to 60 Gbps EBS bandwidth, and EFA support on larger SKUs to improve cluster latency and throughput for network‑intensive and CPU‑bound inference workloads.

AWS Lambda Adds Availability Zone Metadata Endpoint

🔍 AWS Lambda now exposes Availability Zone (AZ) metadata through a new metadata endpoint in the execution environment. Developers can retrieve the AZ ID (for example, use1-az1) to implement AZ-aware routing and prefer same-AZ endpoints to reduce cross-AZ latency. The feature supports all runtimes, custom runtimes, and container images, and works with SnapStart, provisioned concurrency, and VPC-enabled functions. Available at no extra cost in all commercial Regions.

Nine IP KVM Vulnerabilities Allow Remote Full Host Control

🔒 Eclypsium researchers disclosed nine vulnerabilities in low-cost IP KVM devices from GL-iNet, Angeet/Yeeso, Sipeed, and JetKVM. The most severe flaws can allow unauthenticated attackers to gain root or execute arbitrary code and operate at BIOS/UEFI levels, enabling keystroke injection, booting from removable media, and persistence beyond OS defenses. Some vendors have issued firmware fixes, but critical issues in Angeet ES3 remain unpatched. Administrators should apply available updates, isolate KVMs, and enforce stronger access controls.

Why Zero Trust Fails in IoT and OT: A Linkage Perspective

⚠️ Zero trust principles deliver measurable gains in enterprise IT, but they often miss dominant failure modes in IoT and OT. The author argues that zero trust assumes explicit, identity-centric and continuously enforceable trust, while IoT/OT systems rely on implicit, durable trust relationships and centralized control paths. Adopt the unified linkage model (ULM) to map adjacency, inheritance and trust propagation, and prioritize protection of management planes, firmware update paths and vendor integrations.

Amazon EC2 M8g Instances Expand to Five New Regions

⚙️ Amazon EC2 M8g instances are now available in Africa (Cape Town), Asia Pacific (Malaysia), Europe (Milan, Zurich), and Canada West (Calgary). Built on the AWS Graviton4 processors and the AWS Nitro System, M8g delivers up to 30% better performance versus Graviton3 and provides larger sizes with up to 3x more vCPUs and memory. The family includes 12 sizes (two bare metal) with up to 50 Gbps networking and 40 Gbps EBS bandwidth, targeting general-purpose workloads and migrations to Graviton.

Azure IaaS Resource Center: Build a Modern Foundation

⚙️ The Azure IaaS Resource Center centralizes guidance, demos, architectures, and best practices to help teams design, optimize, and operate cloud infrastructure across compute, storage, and networking. It advocates a system-level approach that unifies hardware, intelligent software, networking, and orchestration to deliver consistent performance and resiliency. The center highlights built-in security, AI-ready VM families, scalability options, and cost-optimization tools to align infrastructure decisions with business outcomes.

H4D VMs Now GA on Google Cloud for Scalable HPC and RDMA

🚀 H4D VMs are now generally available on Google Cloud, powered by 5th Gen AMD EPYC processors and featuring Cloud RDMA on the Titanium network adapter. They deliver substantial throughput and scaling gains across HPC domains—healthcare, manufacturing, EDA and weather—while supporting Slurm and GKE orchestration, Cluster Toolkit, Google Cloud Batch and DWS consumption models. Google cites multi-node benchmark speedups up to 5.8× and access to compute as low as $0.03 per core‑hour.

Data Center Modernization Urgent in the AI Era and Energy

🔍 Enterprises are re-evaluating data center strategies as AI adoption, rising energy costs and regulatory pressure reshape requirements. Many organizations are bringing workloads back from public clouds and investing in modern on-premises or private cloud models to regain control, ensure compliance and optimize efficiency. Edge, IoT and AI inference add new location, latency and power demands, forcing hybrid decisions that balance performance with geopolitical and economic realities.

Project Helix: Automated Cloudflare One Onboarding

🧭 Project Helix automates onboarding for Cloudflare One, converting deployment expertise into reusable, language-aware Terraform templates and a Cloudflare Workers UI. In minutes, tenants receive baseline DNS, network, and HTTP security policies, TLS inspection options, and granular SaaS tenant controls. Administrators can toggle recommended protections to deploy consistent, error‑free configurations quickly.

Modernizing Enterprise Data Centers for a Hybrid Future

🔄 Enterprises are reimagining data centers as they modernize infrastructure to balance on‑premises, public cloud and edge deployments. Many are repatriating workloads and evaluating hybrid or private cloud models to retain control, meet data‑protection requirements and improve efficiency. Simultaneously, AI inference, IoT and edge compute impose new demands on latency, location and power delivery. Rising energy prices and geopolitics are increasingly central to site selection and long‑term capacity planning.

Why Application Security Should Begin at the Load Balancer

🔐 The article contends that application security must start at the load balancer, which serves as the primary traffic entry and trust boundary rather than just a performance device. The author describes consulting cases across finance, healthcare, SaaS and retail where permissive edge settings enabled downgrade attacks, bot floods, and long-term technical debt. Recommended controls include enforcing modern TLS, sanitizing requests, applying bot and rate controls at the edge, and integrating the load balancer with downstream WAFs and security tools to reduce incident scope and operational cost.

Accelerating Data Center Modernization for AI Era Now

🔍 Data center modernization has become a strategic imperative as organizations accelerate deployment of AI and other compute-intensive applications. Success requires coordinated investment across servers, storage, networking, software, and security, and strong partnerships with vendors and integrators. IT leaders need clear roadmaps, measurable milestones, and solutions that balance performance, cost, and operational resilience to enable rapid, secure adoption.

Accelerating Data Center Modernization for AI Readiness

⚙️ Data centers must evolve quickly to support AI workloads and deliver measurable business outcomes. This Spotlight report explains the technical and organizational shifts required to bring infrastructure into the AI age, spanning servers, storage, high-performance computing, networking, software, and security. IT leaders will find actionable guidance on roadmaps, partner selection, and prioritization to accelerate modernization and reduce deployment risk.

Amazon SageMaker HyperPod: API-driven Slurm Management

🔧 Amazon SageMaker HyperPod now supports API-driven Slurm configuration, enabling you to define Slurm topology, instance group to partition mappings, and FSx filesystem mounts directly in the cluster CreateCluster and UpdateCluster APIs or via the AWS Console. The update lets you specify node roles such as Controller, Login, and Compute per instance group and mount FSx for Lustre or FSx for OpenZFS filesystems. A new SlurmConfigStrategy (Managed, Overwrite, Merge) detects partition-node drift and controls whether updates are paused, overwritten, or merged to preserve manual customizations.

ECS Managed Instances Now Support EC2 Capacity Reservations

🔔 Amazon Elastic Container Service (ECS) Managed Instances now integrate with Amazon EC2 Capacity Reservations, letting you apply reserved capacity to managed EC2 compute while ECS handles infrastructure. Configure capacity providers with capacityOptionType=reserved and choose reservation preferences — reservations-only, reservations-first, or reservations-excluded — to balance predictability and cost. Available in all regions and configurable via Console, CLI, CloudFormation, or SDKs.

Fortinet, Parsec and Westermo Secure OT Connectivity

📡 Fortinet announced Alliance Partnerships with Parsec Technologies and Westermo to deliver ruggedized, rapidly deployable secure connectivity for mobile and fixed cyber-physical systems. The Parsec Emergency Connectivity Kit (ECK) packages preconfigured Fortinet devices with rugged enclosures and high-gain antennas for quick field deployment, available as Bloodhound (mobility) and Pitbull (resilience) models. Westermo integration brings WeOS switches and cellular routers into the Fortinet Security Fabric via IPsec, while FortiAuthenticator and FortiPAM extend identity and privileged access controls for industrial sites.

America-India Connect Expands AI Infrastructure Globally

🌐 Google today announced America-India Connect, a multi-year initiative anchored by a five-year $15 billion AI infrastructure investment in India to expand connectivity across four continents. The program will build a new subsea gateway in Visakhapatnam, add three subsea paths linking India to Singapore, South Africa, and Australia, and deploy four strategic fiber-optic routes between the United States, India, and Southern Hemisphere locations. These investments aim to boost network resilience, capacity, and affordable access to digital services while supporting skilling and government training platforms.