Security just got a little easier for AWS Elastic Load Balancing customers: the platform now supports redirects and fixed responses.
Why does that matter? Because it takes care of something that causes an unexpected number of stumbles – the transition from HTTP to HTTPS. As we discussed earlier this week, HSTS is commonly misconfigured, leaving insecure paths on a host of websites.
Redirect actions let the load balancer handle URL redirections – for example, from HTTP to HTTPS. As Amazon points out, this doesn’t just improve security compliance, it boost sites in search rankings and SSL/TLS scores. The other application is to send users to a new version of a web app.
Fixed response actions dictates what happens to client requests – for example, HTTP errors, or custom errors from the load balancer, are handled without forwarding a request through to an application.
Infinera pulls $430m from pocket, swallows Coriant
Infinera has gone shopping: the optical network transport company has bought rival Coriant for $430m in cash and shares.
As well as nearly doubling Infinera’s revenue, the company said it’s identified $100m in cost savings (sorry, staffers) through 2019, and “total cost synergies of $250m through 2021”. Until the transaction closes in Q3, the two companies will operate as independent businesses.
Earlier this month, Coriant announced an IP/MPLS network operating system targeting white-box implementations as well as its own Vibe X90 programmable packet platform.
A couple of startups for your enjoyment
White-box networking got yet another operating system, ArcOS, from startup Arrcus.
The OS has been ported to two key Broadcom merchant silicon offerings, the StrataDNX Jericho+ and StrataXGS Trident 3.
Other ArcOS features include open orchestration, standard APIs, modules can be individually restarted, and interestingly, a claim that it suffers “minimal open source dependency”. It’s designed for deployments on bare metal, virtualized, and in the cloud, the company said.
The other new kid on the block is a cloud security outfit called Bricata, which this week announced its Threat Hunting Platform that can run on on AWS, VMWare, and Linux KVM hosts.
It’s partnered up with Gigamon and Ixia, who will provide traffic data for analysis to get around a lack of Layer 2 traffic data from cloud providers. The two partners’ virtual agents can forward or mirror that data back to the Bricata platform for threat detection and analysis.
Security capabilities in the Threat Hunting Platform include packet capture, threat detection and prevention, metadata analysis, and malware detection.
Microsoft LEDBAT goes G/A
Earlier this month, we reported on a bunch of tweaks to Microsoft’s networking stack.
Microsoftie Daniel Havey got in touch to tell us that one of those capabilities, LEDBAT, has reached full support, and in response, he’s published this post elaborating on the protocol.
LEDBAT (Low Extra Delay Background Transfer) “is designed to automatically yield bandwidth to users and applications, while consuming the entire bandwidth available when the network is not in use,” Havey wrote. “It’s a scavenger protocol – it scavenges whatever network bandwidth is available on the network, and uses it. In other words, you can transfer SCCM Packages or Microsoft Updates without interfering with your users’ sanity.”
LEDBAT – RFC6817 – was authored by researchers from BitTorrent, the Franklin and Marshall College, and the University of Stuttgart. If it detects rising latency on a network, it yields resources to other applications.
Havey also published the following video to illustrate LEDBAT in action:
CableLabs adds Kubernetes to its SNAPS
CableLabs’ SDN/NFV Application development Platform and Stack project, first announced in March 2017, now runs on Kubernetes.
SNAPS-Kubernetes targets labs and development environments who want to build their virtualized network functions (VNFs) in a cloud-native environment, Levensalor wrote.
In the cloud, CableLabs reckons, VNFs will “use fewer resources, are more fault-tolerant, and quickly scale to meet demand”.
Gigamon slurps Iceberg
Gigamon has bought Seattle-based SaaS security outfit Iceberg.
The announcement describes Iceberg as specialising in “the detection and triage of threats”.
It works by gathering data from sensors deployed to customer locations, gathering network traffic metadata and streaming that to a cloud-based platform. There are also rich APIs, an advanced query language, and automated detection capabilities. ®