Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

In my previous blog post, What you can’t do with Kubernetes network policies (unless you use Calico): Policies to all namespaces or pods, I talked about this use case from the list of nine things you cannot implement using basic Kubernetes network policy — policies to all namespaces or pods. In this blog post, we’ll be focusing on the next use case — advanced policy querying and reachability tooling.

Security-oriented organizations continuously identify, monitor, and manage internet-connected assets to protect them from emerging attack vectors and potential vulnerabilities. Security teams go through every element of the organization’s security posture – from firewalls and cloud-hosted assets to endpoint devices and entry points – looking for opportunities to reduce security risks. This process is called attack surface management.

Like all security tools, firewalls can be hacked. That’s what happened to the social media platform X in January 2023, when it was still Twitter. Hackers exploited an API vulnerability that had been exposed since June the previous year. This gave them access to the platform’s security system and allowed them to leak sensitive information on millions of users. This breach occurred because the organization’s firewalls were not configured to examine API traffic with enough scrutiny.

If security policies aren’t periodically updated to meet modern threat demands, organizations risk introducing vulnerabilities into their IT security posture. Comprehensive audit reports help security leaders gain in-depth visibility into their organization’s cybersecurity strategy and assess the resilience of its network infrastructure.

If you are used to managed MPLS services, transitioning to Internet last-mile access as part of SD-WAN or SASE might cause some concern. How can enterprises ensure they are getting a reliable network if they are not promised end-to-end SLAs? The answer: by dividing the enterprise backbone into the two last miles connected by a middle mile and then applying appropriate redundancy and failover systems and technologies in each section.

Two months ago, we made Cloudflare Turnstile generally available — giving website owners everywhere an easy way to fend off bots, without ever issuing a CAPTCHA. Turnstile allows any website owner to embed a frustration-free Cloudflare challenge on their website with a simple code snippet, making it easy to help ensure that only human traffic makes it through.

In 2023, organizations faced a surge in ransomware attacks, prompting a reevaluation of cybersecurity readiness. The focus on high-value assets and critical infrastructure indicated an escalating threat landscape, demanding stronger preemptive measures. This trend is expected to continue in 2024 as cybercriminals exploit vulnerabilities.

IPsec is a set of Internet Protocols offering secure connection between devices. It is generally used by Virtual Private Networks for encrypting IP packets and authenticating the sources.