
All news with #network security tag

133 articles

Azure enables seamless cross-cluster networking for AKS

🚀 Microsoft announces the public preview of cross-cluster networking for Azure Kubernetes Fleet Manager, bringing transparent east‑west multi-cluster connectivity powered by Advanced Container Networking Services. Built on Cilium and Kubefleet, this managed capability extends the Kubernetes networking model across clusters to enable direct pod-to-pod communication, policy enforcement, and observability while preserving cluster isolation. The managed approach reduces operational overhead for multi-cluster fleets and supports resilient, global, and shared‑services architectures.

ENA Express Extends High-Bandwidth Cross-AZ Traffic

ENA Express now supports high-bandwidth traffic between Amazon EC2 instances in different Availability Zones within a Region, delivering up to 25 Gbps single-flow performance. The feature uses the AWS Scalable Reliable Datagram (SRD) protocol with multi-pathing and advanced congestion control to reduce head-of-line blocking. ENA Express establishes SRD connections automatically when both instances are enabled and supports TCP and UDP transparently. The capability is available at no additional cost across a broad set of Regions and instance types.

Route 53 Resolver Adds DNS64 and IPv6 Outbound Support

🌐 Amazon Web Services announced that Route 53 Resolver endpoints now support DNS64 on inbound endpoints and IPv6 forwarding through the internet gateway (IGW) on outbound endpoints. DNS64 lets IPv6-only on-premises clients reach IPv4-only services in VPCs by synthesizing AAAA records from existing A records, removing the need to modify those services. Outbound IPv6 forwarding enables Resolver outbound endpoints to forward queries to public IPv6 name servers via the IGW. These capabilities are available at no additional cost in Regions that support Route 53 Resolver endpoints.

Zero Trust Often Fails at the Traffic Enforcement Layer

🛡️ Organizations commonly implement strong identity, authentication and access policies under a zero-trust strategy, yet enforcement at the network traffic layer is frequently inconsistent. Gaps appear across ingress paths, load balancers, CDNs, TLS termination and east–west service communication, allowing traffic to bypass identity controls. Successful programs treat the traffic plane as the primary enforcement point: standardizing ingress, enforcing strict TLS baselines and mTLS, normalizing requests and maintaining end-to-end telemetry. The core message: mindset and policy alone are insufficient without consistent traffic-layer enforcement.

US Agencies Issue Zero Trust Guidance for OT Security

🔒 A joint guide from CISA and federal partners outlines how to adapt zero trust principles to operational technology (OT) environments while preserving safety and uptime. It details practical measures such as passive asset discovery, network segmentation, microsegmentation, identity and access controls tailored to legacy devices, and secure remote access via jump hosts with MFA. The guidance calls out risks from IT/OT convergence, including credential compromise, supply-chain vulnerabilities and malware that can disrupt physical processes. It emphasizes compensating controls where modern security features cannot be deployed, and the need for close IT–OT collaboration and integrated incident response.

AWS Client VPN Adds Native AWS Transit Gateway Support

🔗 AWS announced native integration between AWS Client VPN and AWS Transit Gateway, enabling centralized remote access across multiple VPCs and on-premises networks without an intermediate VPC. Client source IPs are preserved end-to-end, allowing authorization rules and forensic tracing to map traffic back to specific users. Transit Gateway flow logs capture connection-level details tied to those preserved client IPs, improving troubleshooting and auditability. The integration is available in all Regions where Client VPN is offered and incurs no additional charges beyond standard service pricing.

SageMaker Unified Studio: Notebook Kernels Now in VPC

🔒 Amazon SageMaker Unified Studio now runs notebook kernels inside the domain-configured Amazon VPC, providing network isolation for interactive ML and data workloads. Kernels inherit VPC settings, subnets, and security groups defined at the domain level, enabling centralized network policy and secure access to private databases, internal APIs, and non-public data sources. This VPC configuration applies to the interactive compute where Python code and dataframes execute; other compute engines have separate VPC considerations. VPC-enabled kernels are available in all Regions where SageMaker Unified Studio is supported.

Cross-Cloud Network Announcements at Google Cloud Next '26

🚀 Google announced a broad set of Cross-Cloud Network enhancements at Next ’26 to accelerate agentic AI, inference, and training while simplifying operations and strengthening security. Highlights include the Gemini Enterprise Agent Platform with an Agent Gateway, ambient networking for GKE and Cloud Run, and a GKE Inference Gateway for multi-region inference. The update also introduces the high-scale Virgo fabric, new Cloud Interconnect capabilities, Cloud Network Insights for observability, and expanded partner integrations and AI-driven security features.

AirSnitch: Breaking Client Isolation in Enterprise Wi‑Fi

📶 AirSnitch demonstrates techniques that subvert enterprise Wi‑Fi protections by exploiting interactions between encryption, switching and routing. The research shows how attackers can bypass WPA2 and WPA3‑Enterprise client isolation to intercept and inject traffic across access points. It details primitives like Port Stealing, Gateway Bouncing and Broadcast Reflection and provides practical mitigations for networks and endpoints.

AirSnitch Wi-Fi Client Isolation: Risks and Mitigation

🔓 The AirSnitch research demonstrates that Wi‑Fi client isolation (guest network/device isolation) can be bypassed through a family of architectural flaws in access points, enabling traffic injection, redirection and even full MitM attacks. The methods exploit GTK handling, broadcast treatment and L2/L3 routing gaps, and affect many home and enterprise APs. Administrators should test equipment with the AirSnitch tooling and implement VLAN segmentation, per-client GTK, strong RADIUS/802.1X configs, and network-layer inspections.

Why Zero-Trust Often Fails at the Traffic Layer in Practice

🔒 Organizations often implement strong identity and access controls but miss enforcement at the traffic layer. During incidents these gaps—across ingress paths, load balancers, CDNs, and APIs—allow traffic to bypass identity checks. Common failures include weak TLS and cipher baselines, fragmented ingress, and half‑implemented mutual TLS. Effective programs treat traffic handling as the primary enforcement point through standardized ingress, request normalization, and consistent end-to-end telemetry.

Arelion Enhances DDoS Defenses with NETSCOUT Arbor

🛡️ Arelion has expanded its DDoS protection capabilities by deepening its partnership with NETSCOUT, building on over 16 years of collaboration. NETSCOUT introduced enhancements — Sightline with the Sentinel orchestration add-on, the ATLAS Intelligence Feed (AIF) for TMS, and Adaptive DDoS Protection (ADP) — to improve automation, threat intelligence, and mitigation scaling. These upgrades increase visibility and automated response across Arelion’s global backbone, improving protection for both internal systems and customer services.

ADEM Universal Agent: Unified Branch Telemetry Experience

🔧 Palo Alto Networks announces the general availability of the ADEM Universal Agent, a hardware-agnostic telemetry agent for Prisma Access designed to deliver consistent, high-fidelity data from branch and edge sites. The agent can run on VMs or containers, enabling synthetic testing, hop-by-hop path analysis, and overlay/underlay visibility regardless of on-prem hardware. By consolidating disparate telemetry into a unified data engine, the agent reduces blind spots and accelerates root-cause identification to support automated, machine-speed operations.

Secure URL and Domain Filtering with Google Cloud NGFW

🔒 Google Cloud's Cloud NGFW Enterprise now supports domain and SNI-based URL filtering with limited wildcard matching to shift enforcement to the application layer. The URL filtering service inspects HTTP payloads and SNI headers to enable granular egress policies and block malicious domains without requiring full TLS decryption. This reduces the operational burden of tracking dynamic IPs and helps prevent bypass techniques such as SNI spoofing while preserving end-to-end encryption and compliance.

Amazon WorkSpaces Personal adds unique PrivateLink DNS

🔒 Amazon WorkSpaces Personal now assigns globally unique, publicly resolvable DNS names to each AWS PrivateLink interface VPC endpoint. This change eliminates DNS name collisions across VPCs and accounts, enabling enterprises to deploy WorkSpaces Personal directories in multiple VPCs without conflict. The AWS-managed names resolve to private IP addresses reachable only within the respective VPC, require no additional Route 53 or custom DNS configuration, and remain backward compatible. The feature is available in all regions where PrivateLink supports WorkSpaces.

U.S. Bans Import of Foreign-Made Consumer Routers Nationwide

🔒 The Executive Branch has determined that foreign-made consumer routers create a supply-chain vulnerability and pose a severe cybersecurity risk that could disrupt U.S. critical infrastructure and harm U.S. persons. Any new router manufactured outside the United States must receive FCC approval before it can be imported, marketed, or sold; approval requires disclosure of foreign investors or influence and a plan to shift manufacturing to the U.S. Certain devices may be exempted by the Department of Defense or DHS, though neither agency has listed exceptions yet. Existing home routers do not need to be discarded, and market impacts may favor companies able to produce domestically, such as Starlink, while vendors like Netgear—which manufactures abroad—face new compliance and cost pressures.

Programmable Flow Protection for Custom UDP DDoS Mitigation

🛡️ Programmable Flow Protection lets Magic Transit customers author and deploy custom eBPF programs across Cloudflare’s global edge to define what constitutes legitimate UDP traffic. Programs run in a verified userspace BPF VM and can pass, drop, or challenge packets using helper functions for state, cryptographic validation, and challenge emission. In beta for Magic Transit Enterprise customers, the feature enables stateful, protocol-aware DDoS mitigation that distinguishes legitimate clients from scripted or replay attacks.

ROI of Hybrid Mesh Network Security, 2026 IDC Study

🔒 IDC interviewed security leaders from global enterprises to quantify the business value of adopting a Hybrid Mesh Network Security architecture. The findings emphasize that a single control plane for managing firewalls across on‑premises, cloud, and remote environments reduces tool sprawl and operational complexity. Organizations reported faster policy deployment, improved incident response, and better alignment with initiatives such as AI transformation, enabling security teams to shift from reaction to proactive prevention and to demonstrate measurable ROI.

AWS Direct Connect: New Equinix SY5 location in Sydney

📡 AWS has opened a new AWS Direct Connect location at Equinix SY5 in Sydney, Australia. From this site you can establish private, direct network access to all public AWS Regions (except China), AWS GovCloud Regions, and AWS Local Zones. The location supports dedicated 10 Gbps and 100 Gbps connections and offers MACsec encryption. This is the fourth Direct Connect site in Sydney and the tenth in Australia, providing a more consistent private networking option than the public internet.

Enhanced Network Visibility for Falcon macOS Sensor

🔍 The Falcon macOS sensor (v7.29+) delivers Enhanced Network Visibility, an opt-in capability that augments process telemetry with protocol and TLS-inspection attributes. It parses plaintext HTTP, extracts TLS Client Hello details including JA4 fingerprints, and identifies application protocols across ports while minimizing impact via Apple content filter APIs. New Next‑Gen SIEM events (HttpRequest, HttpResponse, TlsClientHello, AppProtocolDetected) expose the telemetry for detection and hunting workflows, and the feature can be enabled from Mac Prevention Policies in the Falcon UI.