< ciso
brief />
Tag Banner

All news with #network security tag

150 articles · page 2 of 8

Zero Trust Often Fails at the Traffic Enforcement Layer

🛡️Organizations commonly implement strong identity, authentication and access policies under a zero-trust strategy, yet enforcement at the network traffic layer is frequently inconsistent. Gaps appear across ingress paths, load balancers, CDNs, TLS termination and east–west service communication, allowing traffic to bypass identity controls. Successful programs treat the traffic plane as the primary enforcement point: standardizing ingress, enforcing strict TLS baselines and mTLS, normalizing requests and maintaining end-to-end telemetry. The core message: mindset and policy alone are insufficient without consistent traffic-layer enforcement.
read more →

US Agencies Issue Zero Trust Guidance for OT Security

🔒 A joint guide from CISA and federal partners outlines how to adapt zero trust principles to operational technology (OT) environments while preserving safety and uptime. It details practical measures such as passive asset discovery, network segmentation, microsegmentation, identity and access controls tailored to legacy devices, and secure remote access via jump hosts with MFA. The guidance calls out risks from IT/OT convergence, including credential compromise, supply-chain vulnerabilities and malware that can disrupt physical processes. It emphasizes compensating controls where modern security features cannot be deployed, and the need for close IT–OT collaboration and integrated incident response.
read more →

AWS Client VPN Adds Native AWS Transit Gateway Support

🔗 AWS announced native integration between AWS Client VPN and AWS Transit Gateway, enabling centralized remote access across multiple VPCs and on-premises networks without an intermediate VPC. Client source IPs are preserved end-to-end, allowing authorization rules and forensic tracing to map traffic back to specific users. Transit Gateway flow logs capture connection-level details tied to those preserved client IPs, improving troubleshooting and auditability. The integration is available in all Regions where Client VPN is offered and incurs no additional charges beyond standard service pricing.
read more →

SageMaker Unified Studio: Notebook Kernels Now in VPC

🔒 Amazon SageMaker Unified Studio now runs notebook kernels inside the domain-configured Amazon VPC, providing network isolation for interactive ML and data workloads. Kernels inherit VPC settings, subnets, and security groups defined at the domain level, enabling centralized network policy and secure access to private databases, internal APIs, and non-public data sources. This VPC configuration applies to the interactive compute where Python code and dataframes execute; other compute engines have separate VPC considerations. VPC-enabled kernels are available in all Regions where SageMaker Unified Studio is supported.
read more →

Cross-Cloud Network Announcements at Google Cloud Next '26

🚀 Google announced a broad set of Cross-Cloud Network enhancements at Next ’26 to accelerate agentic AI, inference, and training while simplifying operations and strengthening security. Highlights include the Gemini Enterprise Agent Platform with an Agent Gateway, ambient networking for GKE and Cloud Run, and a GKE Inference Gateway for multi-region inference. The update also introduces the high-scale Virgo fabric, new Cloud Interconnect capabilities, Cloud Network Insights for observability, and expanded partner integrations and AI-driven security features.
read more →

AirSnitch: Breaking Client Isolation in Enterprise Wi‑Fi

📶AirSnitch demonstrates techniques that subvert enterprise Wi‑Fi protections by exploiting interactions between encryption, switching and routing. The research shows how attackers can bypass WPA2 and WPA3‑Enterprise client isolation to intercept and inject traffic across access points. It details primitives like Port Stealing, Gateway Bouncing and Broadcast Reflection and provides practical mitigations for networks and endpoints.
read more →

AirSnitch Wi-Fi Client Isolation: Risks and Mitigation

🔓 The AirSnitch research demonstrates that Wi‑Fi client isolation (guest network/device isolation) can be bypassed through a family of architectural flaws in access points, enabling traffic injection, redirection and even full MitM attacks. The methods exploit GTK handling, broadcast treatment and L2/L3 routing gaps, and affect many home and enterprise APs. Administrators should test equipment with the AirSnitch tooling and implement VLAN segmentation, per-client GTK, strong RADIUS/802.1X configs, and network-layer inspections.
read more →

Why Zero-Trust Often Fails at the Traffic Layer in Practice

🔒 Organizations often implement strong identity and access controls but miss enforcement at the traffic layer. During incidents these gaps—across ingress paths, load balancers, CDNs, and APIs—allow traffic to bypass identity checks. Common failures include weak TLS and cipher baselines, fragmented ingress, and half‑implemented mutual TLS. Effective programs treat traffic handling as the primary enforcement point through standardized ingress, request normalization, and consistent end-to-end telemetry.
read more →

Arelion Enhances DDoS Defenses with NETSCOUT Arbor

🛡️ Arelion has expanded its DDoS protection capabilities by deepening its partnership with NETSCOUT, building on over 16 years of collaboration. NETSCOUT introduced enhancements — Sightline with the Sentinel orchestration add-on, the ATLAS Intelligence Feed (AIF) for TMS, and Adaptive DDoS Protection (ADP) — to improve automation, threat intelligence, and mitigation scaling. These upgrades increase visibility and automated response across Arelion’s global backbone, improving protection for both internal systems and customer services.
read more →

ADEM Universal Agent: Unified Branch Telemetry Experience

🔧 Palo Alto Networks announces the general availability of the ADEM Universal Agent, a hardware-agnostic telemetry agent for Prisma Access designed to deliver consistent, high-fidelity data from branch and edge sites. The agent can run on VMs or containers, enabling synthetic testing, hop-by-hop path analysis, and overlay/underlay visibility regardless of on-prem hardware. By consolidating disparate telemetry into a unified data engine, the agent reduces blind spots and accelerates root-cause identification to support automated, machine-speed operations.
read more →

Secure URL and Domain Filtering with Google Cloud NGFW

🔒 Google Cloud's Cloud NGFW Enterprise now supports domain and SNI-based URL filtering with limited wildcard matching to shift enforcement to the application layer. The URL filtering service inspects HTTP payloads and SNI headers to enable granular egress policies and block malicious domains without requiring full TLS decryption. This reduces the operational burden of tracking dynamic IPs and helps prevent bypass techniques such as SNI spoofing while preserving end-to-end encryption and compliance.
read more →

Amazon WorkSpaces Personal adds unique PrivateLink DNS

🔒 Amazon WorkSpaces Personal now assigns globally unique, publicly resolvable DNS names to each AWS PrivateLink interface VPC endpoint. This change eliminates DNS name collisions across VPCs and accounts, enabling enterprises to deploy WorkSpaces Personal directories in multiple VPCs without conflict. The AWS-managed names resolve to private IP addresses reachable only within the respective VPC, require no additional Route 53 or custom DNS configuration, and remain backward compatible. The feature is available in all regions where PrivateLink supports WorkSpaces.
read more →

U.S. Bans Import of Foreign-Made Consumer Routers Nationwide

🔒 The Executive Branch has determined that foreign-made consumer routers create a supply-chain vulnerability and pose a severe cybersecurity risk that could disrupt U.S. critical infrastructure and harm U.S. persons. Any new router manufactured outside the United States must receive FCC approval before it can be imported, marketed, or sold; approval requires disclosure of foreign investors or influence and a plan to shift manufacturing to the U.S. Certain devices may be exempted by the Department of Defense or DHS, though neither agency has listed exceptions yet. Existing home routers do not need to be discarded, and market impacts may favor companies able to produce domestically, such as Starlink, while vendors like Netgear—which manufactures abroad—face new compliance and cost pressures.
read more →

Programmable Flow Protection for Custom UDP DDoS Mitigation

🛡️Programmable Flow Protection lets Magic Transit customers author and deploy custom eBPF programs across Cloudflare’s global edge to define what constitutes legitimate UDP traffic. Programs run in a verified userspace BPF VM and can pass, drop, or challenge packets using helper functions for state, cryptographic validation, and challenge emission. In beta for Magic Transit Enterprise customers, the feature enables stateful, protocol-aware DDoS mitigation that distinguishes legitimate clients from scripted or replay attacks.
read more →

ROI of Hybrid Mesh Network Security, 2026 IDC Study

🔒 IDC interviewed security leaders from global enterprises to quantify the business value of adopting a Hybrid Mesh Network Security architecture. The findings emphasize that a single control plane for managing firewalls across on‑premises, cloud, and remote environments reduces tool sprawl and operational complexity. Organizations reported faster policy deployment, improved incident response, and better alignment with initiatives such as AI transformation, enabling security teams to shift from reaction to proactive prevention and to demonstrate measurable ROI.
read more →

AWS Direct Connect: New Equinix SY5 location in Sydney

📡 AWS has opened a new AWS Direct Connect location at Equinix SY5 in Sydney, Australia. From this site you can establish private, direct network access to all public AWS Regions (except China), AWS GovCloud Regions, and AWS Local Zones. The location supports dedicated 10 Gbps and 100 Gbps connections and offers MACsec encryption. This is the fourth Direct Connect site in Sydney and the tenth in Australia, providing a more consistent private networking option than the public internet.
read more →

Enhanced Network Visibility for Falcon macOS Sensor

🔍 The Falcon macOS sensor (v7.29+) delivers Enhanced Network Visibility, an opt-in capability that augments process telemetry with protocol and TLS-inspection attributes. It parses plaintext HTTP, extracts TLS Client Hello details including JA4 fingerprints, and identifies application protocols across ports while minimizing impact via Apple content filter APIs. New Next‑Gen SIEM events (HttpRequest, HttpResponse, TlsClientHello, AppProtocolDetected) expose the telemetry for detection and hunting workflows, and the feature can be enabled from Mac Prevention Policies in the Falcon UI.
read more →

AirSnitch: Cross-Layer Wi-Fi Identity Desynchronization

⚠️AirSnitch exploits cross-layer identity desynchronization between Layers 1 and 2 to mount full, bidirectional machine-in-the-middle attacks. An attacker on the same SSID, a different SSID, or another segment tied to the same AP can intercept and modify link-layer traffic. The technique affects home, office, and enterprise Wi‑Fi and enables DNS poisoning, credential theft, and exploitation of unpatched flaws.
read more →

Dynamic Path MTU Discovery in the Cloudflare One Client

🔧 The Cloudflare One Client now implements Path MTU Discovery to detect and avoid PMTUD black holes that silently drop large encrypted packets. Using active probes over MASQUE (built on Cloudflare’s QUIC library), the client tests packet sizes end-to-end and dynamically adjusts the virtual interface MTU. This non-disruptive background process preserves sessions across shifting networks — for example, when moving from Wi‑Fi to cellular — preventing stalled uploads, calls, or SSH sessions. The feature is available for Windows, macOS, and Linux.
read more →

Automatic Return Routing for Overlapping IP Addresses

🔁 Automatic Return Routing (ARR) is a new Cloudflare One feature, released in Closed Beta, that resolves private IP address overlap by tracking flows and returning traffic to the exact tunnel that originated the conversation. Instead of depending on routing-table lookups, ARR uses stateful flow memory to record the originating tunnel and enforce symmetric returns. This approach minimizes the need for VRF or NAT, reducing operational overhead for mergers, extranets, and uniform branch deployments while integrating with Unified Routing and the Apollo userspace hub.
read more →