Simplifying Network Security with Context-Aware Micro-Segmentation

I spent about a year completely focused on network security, and one thing I learned was that spending all my time focused on securing the perimeter to the neglect of intra-LAN traffic was a recipe for disaster.

Most of the traffic in our data centers is east-west, with only a small fraction actually being northbound out to the rest of the world. The cost of massive firewall appliance clusters operating at line-rate is astronomical, and it doesn’t make sense to punt traffic all over the place if there’s a better way.

Information Security: Something Doesn’t Add Up

My experience leads me to think that information security is, in actual practice, more a matter of reacting to something bad that happened in the news shaking up the C-level enough to do something. But I don’t think the solemn promises of tighter security and subsequent actions match up. I may not be able to spot a tell like Patrick Jane, but something doesn’t seem right.

Why Buy One When You Can Buy Two For Twice the Price

I get pretty excited when new network gear shows up at the loading dock. I get psyched when I get to configure an interesting technology that I rarely get to use. But considering our responsibility to our customer or employer, sometimes we need to put that aside in favor of the simpler (or cheaper) but more appropriate solution. Let me give you one example.
