<ciso brief />

All news with #network security tag

133 articles · page 7 of 7

AWS Network Firewall: SNI Session Holding for TLS Guide

🔒 AWS Network Firewall now offers SNI session holding to strengthen TLS inspection by validating the TLS SNI before initiating an outbound TCP connection. When enabled, the firewall holds TCP/TLS establishment until it receives the ClientHello SNI and evaluates it against Suricata-based TLS inspection rules, preventing any contact with disallowed endpoints. Administrators can enable this option in a TLS inspection configuration via the AWS Management Console, AWS CLI, or AWS SDK; it’s available in Regions including GovCloud and China and is billed as part of TLS advanced inspection.

GKE Network Interface: From kubenet to the AI backbone

📡 Over the past decade, Google Cloud evolved GKE pod networking from basic kubenet and route-based clusters to VPC-native alias IPs and the eBPF-powered Cilium Dataplane V2, improving performance, scalability, and observability. The platform now supports extreme-scale AI workloads with multi-NIC, terabit throughput, and persistent IPs for stateful functions. Looking forward, Google is exploring the Kubernetes Network Driver and the DRANET reference to expose node-level network resources via Dynamic Resource Allocation.

AWS Storage Gateway Adds IPv6 Dual-Stack Support Globally

🌐 AWS Storage Gateway now supports IPv6 for endpoints, APIs, and gateway appliance interfaces, offering new dual‑stack access alongside IPv4. Existing IPv4-only endpoints remain available for backward compatibility. Customers can standardize on IPv6 or transition gradually using the dual‑stack appliances and APIs. Support is available in all AWS Regions where the service is offered.

Amazon IVS Adds Private Ingest via Interface VPC Endpoints

🔒 Amazon Interactive Video Service (Amazon IVS) now supports media ingest via interface VPC endpoints using AWS PrivateLink. This lets customers broadcast RTMP(S) streams privately to IVS Low-Latency channels and IVS Real-Time stages without traversing the public internet. Interface VPC endpoints can be created from within your VPC or from on-premises environments over AWS Direct Connect, providing private and reliable connectivity for live video workflows. The feature is available in US West (Oregon), Europe (Frankfurt), and Europe (Ireland); standard PrivateLink pricing applies.

CloudWatch Flow Monitors Extend Cross-Region Visibility

🔍 With this update, Amazon CloudWatch Network Monitoring flow monitors can observe traffic between AWS Regions over the AWS global network. Flow monitors deliver near real-time metrics for compute instances such as Amazon EC2 and Amazon EKS, and for services like Amazon S3 and Amazon DynamoDB, to help detect and attribute network-driven impairments. The network health indicator now captures cross-Region path health including visibility into remote public IPs and private traffic over VPC and Transit Gateway peering.

Amazon RDS Proxy Adds IPv6 Support for Connections

🌐 Amazon RDS Proxy now supports IPv6 addresses for pooling and sharing database connections, while continuing to offer existing IPv4 endpoints for backwards compatibility. Customers may specify proxy target connections using either IPv4 or IPv6. The change reduces the need to manage overlapping VPC address spaces and helps mobile, IoT, and modern serverless applications that open many database connections. By pooling connections, RDS Proxy improves database efficiency and application scalability.

Resilient Network Security Strategies for Disruption

🔒 In a world where pandemics, war, and natural disasters are inevitable, security teams must plan for continuity. The article examines two primary approaches: scaling VPN capacity for remote access or adopting a SASE framework that integrates networking and security as a cloud-delivered service. Each option has trade-offs in cost, complexity, and operational risk; readiness requires assessing user patterns, threat exposure, and recovery objectives.

DNS64 and NAT64 for Connecting IPv6-only Workloads

🌐 Google Cloud introduces DNS64 and NAT64 for Cross‑Cloud Network to allow IPv6-only workloads to access IPv4-only services without dual‑stack. DNS64 synthesizes AAAA responses by embedding IPv4 addresses into the 64:ff9b::/96 prefix, and NAT64 translates traffic by extracting those addresses and initiating IPv4 connections on behalf of IPv6 clients. The blog post includes step‑by‑step gcloud commands to create VPCs, DNS64 policies, and a NAT64 gateway.

AWS Network Firewall adds ReceivedBytes metric in CloudWatch

🔍 AWS has added the new ReceivedBytes metric for AWS Network Firewall to Amazon CloudWatch, giving customers per-firewall visibility into total incoming bytes inspected. The metric differentiates counts for the stateless and stateful engines, enabling more granular analysis of processing and performance. Available in all Regions where Network Firewall is supported, the data can be integrated into existing monitoring, alerting, and optimization workflows to support capacity planning and cost reduction.

Palo Alto Networks Named Leader in HMF Magic Quadrant

🔐 Palo Alto Networks has been named a Leader in the inaugural 2025 Gartner Magic Quadrant for Hybrid Mesh Firewall, recognized for both Completeness of Vision and Ability to Execute. The announcement highlights the Strata Network Security Platform, which unifies hardware, virtual, container, cloud-native and FWaaS deployments under a single, cloud-based management plane. Powered by Precision AI®, the platform delivers consistent policy, automation and real-time threat prevention across hybrid environments.

AWS Client VPN Adds Connectivity for IPv6 Resources

🔒 AWS Client VPN now supports secure remote access to IPv6-enabled VPC resources, allowing administrators to connect remote users and devices directly to IPv6 workloads. Administrators can deploy IPv6-only or dual-stack Client VPN endpoints to preserve end-to-end IPv6 connectivity and simplify network design for organizations adopting IPv6. This capability expands prior IPv4-only support and helps meet IPv6 adoption and compliance goals. The feature is generally available in all Client VPN regions except Middle East (Bahrain) and is provided at no additional cost, with IPv6 and dual-stack endpoints billed at the existing per-hour endpoint rate.

Mesh Messaging Apps: Use Cases, Risks, and Best Practices

📡 Decentralized peer-to-peer "mesh" messaging apps let nearby phones communicate without internet using Bluetooth or Wi‑Fi Direct. Popular and emerging apps — including BitChat, Bridgefy, Briar, and White Mouse — offer offline messaging with varying privacy features and tradeoffs. While useful for disasters, festivals, or local coordination, these tools have limited range, higher battery use, and mixed encryption reliability; favor open-source and independently audited projects.

MoQ: A unified, low-latency media relay on QUIC at scale

🔁 Cloudflare announces the first Media over QUIC (MoQ) relay network, built on a modern transport to unify ingest and delivery for real-time media. MoQ — an open IETF protocol developed alongside vendors like Meta, Google, and Cisco — treats media as named, subscribable tracks and forwards immutable wire Objects via relays without transcoding. The design leverages QUIC features such as no head-of-line blocking, connection migration, and 0-RTT resumption to deliver sub-second latency at broadcast scale, while simplifying architectures that previously required many disparate protocols.