Latest news with #networksecurity
Forbes
3 days ago
- Business
- Forbes
Browser-Based SaaS: The New Face Of Shadow IT
Andrius Buinovskis is Head of Product at NordLayer, a toggle-ready network security platform for business. As more applications migrate to the web, businesses are becoming increasingly reliant on the browser. While a browser-first approach offers various benefits, it also introduces additional risks. The growth of shadow IT and shadow transition of data are key concerns cybersecurity leaders should consider when navigating the shift to a web-based work environment. Popular desktop software is moving to the web, and enterprises are following suit. According to research, most employees can complete 80% of their work tasks using a browser. Browser-based applications boost productivity and enhance team collaboration by delivering a smooth, user-friendly experience. Moreover, they're easier and less expensive to maintain, adding to their appeal. Considering the benefits of shifting to a browser-based work environment and its eager adoption, it seems the future is web-based. However, emerging trends come with new (or rather old but revolutionized) risks—the increasing use of web-based software-as-a-service (SaaS) applications is expanding the scope of shadow IT and shadow transition of data. The Hidden Dangers Of Web-Based Applications With the rise of web-based applications, shadow IT has turned into a software zoo. Before the shift toward a browser-first approach, the primary concerns associated with shadow IT were unmanaged devices and unauthorized desktop software. However, these risks were more limited—the bring-your-own-device (BYOD) phenomenon wasn't as widespread, desktop software needed to be installed, and security admins would eventually discover unauthorized applications during security audits. Now, CISOs are faced with a new, stealthier threat. Employees can instantly start using any web-based SaaS application by simply clicking on a link in the browser. Not all consumer-grade platforms are safe. Many do not have sufficient security controls, increasing the risk of experiencing a cybersecurity incident, such as exposing sensitive corporate data or employee log-in credentials. They lack strong user authentication while additional integrations create unauthorized data pipelines to third-party services. Also, they do not protect users from accidentally making confidential information visible to the public via search engines or large language models (LLMs). Moreover, because they prioritize performance over security, they rarely meet regulatory requirements, opening the door to potential compliance violations. As a result of the lack of observability security admins have into employees' use of unauthorized web-based applications, data movement can easily go undetected. Users can copy sensitive information, documents or files and transfer them to unauthorized applications. Because these platforms can be accessed from anywhere with just a web browser, are usually connected to other applications and often come equipped with copy-paste or drag-and-drop functionalities, unintentionally leaking information has become almost inevitable. These information leaks increase the scope of information existing outside of security admins' oversight (shadow data), which can result in a devastating cybersecurity incident. According to a report by IBM, one in three data breaches in 2024 involved the use of shadow data. How To Prevent Browser-Based Cybersecurity Incidents Web-based applications can create a significant security blind spot. Although securing the browser can be challenging, the high risk of experiencing a cybersecurity incident requires that no security gaps are left unattended. Here are some key areas businesses need to focus on to ensure they're prepared to combat browser-based attacks: High observability and the ability to enforce security policies are the main tools to help protect businesses against web-based threats. Traditional browsers do not have built-in security tools. As a result, businesses that have embraced a browser-first approach should consider switching to an enterprise browser, allowing security teams to observe employee activity and enforce security policies across the company. Stolen employee login credentials can lead to a data breach, particularly when employees reuse their organizational network passwords to access unauthorized web-based SaaS applications. Enforcing effective password management policies, such as always using different, random and complex passwords, helps to reduce the risk of cybercriminals infiltrating the company's network. Employees are the first line of defense against browser-based attacks. Ensuring they know the dangers of using unauthorized web-based SaaS applications and how unsafe the majority of these platforms are can help dissuade users from engaging with them, reducing the overall scope of shadow IT. In Conclusion Embracing web-based SaaS applications can be transformative for productivity and collaboration, but without robust security measures, a browser-first approach can ultimately do more harm than good. Considering the rapid rate at which organizations and employees embrace the browser, the shift to a web-based environment is inevitable. By prioritizing a comprehensive cybersecurity strategy, you can ensure you're safeguarded against browser-based incidents. Forbes Technology Council is an invitation-only community for world-class CIOs, CTOs and technology executives. Do I qualify?
Yahoo
3 days ago
- Business
- Yahoo
New EMA™ PRISM Report Evaluates 16 Leading Microsegmentation Solutions
Comprehensive analysis empowers business and security leaders to select the right microsegmentation tools for modern threat defense LAFAYETTE, Colo., June 25, 2025 /PRNewswire/ -- Enterprise Management Associates (EMA), a leading IT research and consulting firm dedicated to delivering actionable insights across the technology landscape, today announced the release of its newest PRISM report, "EMA™ PRISM Report - Microsegmentation." Authored by Christopher Steffen, CISSP, CISA, CCZT, and vice president of research covering information security, risk and compliance management at EMA, the report delivers a structured framework for evaluating 16 microsegmentation solutions shaping today's cybersecurity landscape. Microsegmentation is a network security technique that divides data center and cloud networks into small, isolated segments, down to individual workloads. This granular isolation enhances security by limiting lateral movement within a network, drastically reducing the attack surface. Unlike traditional perimeter-based security, which focuses on keeping threats out, microsegmentation assumes breaches can and will occur, and aims to contain them swiftly within a defined segment, preventing widespread damage. The EMA™ PRISM methodology evaluates vendors across three dimensions: Product and Functionality Integrations and Operability Strength and Maturity The report synthesizes vendor briefings, analyst insights, and public user sentiment to offer actionable, easy-to-digest profiles for each solution. It is designed to support both technical decision-makers and business leaders in selecting the right-fit solution for their environments. For this report, the following vendor solutions were evaluated: Akamai Guardicore Segmentation AlgoSec Security Management Solution Aruba Fabric Composer Broadcom VMware vDefend Distributed Firewall Cisco Secure Workload ColorTokens Xshield Microsegmentation Platform Elisity Identity-Based Microsegmentation Illumio Segmentation Platform Nutanix Flow Network Security Ordr Systems Control Engine (SCE) Palo Alto Networks Prisma Cloud Tempered Airwall Tufin Orchestration Suite Zentera Systems CoIP Platform Zero Networks Platform Zscaler Private Access The report provides a comprehensive overview of each solution along with an evaluation of key security criteria, offering organizations a practical starting point for vendor selection. "The network microsegmentation market is not merely growing, it is becoming the foundation for robust security architectures," said Steffen. "Organizations considering a microsegmentation solution stand to gain reduced attack surfaces, containment of breaches by limiting lateral movement, and the ability to implement granular, identity-driven policies that align perfectly with Zero Trust principles." Access the Full ReportTo access your copy of the EMA™ PRISM Report on Microsegmentation, visit About EMA Founded in 1996, EMA is a leading IT research and consulting firm dedicated to delivering actionable insights across the evolving technology landscape. Through independent research, market analysis, and vendor evaluations, we empower organizations to make well-informed technology decisions. Our team of analysts combines practical experience with a deep understanding of industry best practices and emerging vendor solutions to help clients achieve their strategic objectives. Learn more about EMA research, analysis, and consulting services at and follow them on X and LinkedIn. Media Contact:Raleigh GouldEnterprise Management Associates303-543-9500rgould@ View original content to download multimedia: SOURCE Enterprise Management Associates Sign in to access your portfolio
Zawya
4 days ago
- Business
- Zawya
Jeraisy Electronic Services launches SASE Services powered by Huawei
Riyadh, Saudi Arabia – Jeraisy Electronic Services (JES), a leading Service Provider (ISP) company in Saudi Arabia, launched SASE services powered by Huawei at an event in Riyadh, marking a new chapter in its strategic network security collaboration and driving significant momentum toward Saudi Arabia's digital transformation. Abdulrahman Khaled Aljeraisy, GM of Jeraisy Electronic Services, stated that based on Huawei's AI-enabled network security convergence SASE solution and Jeraisy professional service capabilities, they will provide one-stop solutions with accurate detection and efficient O&M for more than 1000 customers in various industries with long-term cooperation. Kellen Wang, Deputy CEO of Huawei KSA, stated that this collaboration brings together Huawei SASE Solution with AI technologies across a four-layer architecture—cloud, network, edge, and endpoints—leveraging JES's deep local expertise in the ISP market, setting a new benchmark for secure and intelligent digital transformation in the region. Driving Network security Advancements in Alignment with Customers' needs With the ongoing implementation of Saudi Arabia's Vision 2030, digital transformation is accelerating across both public and private sectors, driving growth in the ICT and network security sectors. JES proactively sought technology partners to innovate its service model. Through a deep collaboration with Huawei, it successfully launches a next-generation security service based on the Huawei SASE (Secure Access Service Edge) solution, fully supporting its transition from a traditional Managed Service Provider (MSP) to a Managed Security Service Provider (MSSP), and aligning its offerings with the evolving security needs of government and enterprise clients. Huawei SASE Solution: AI-Powered Network security To meet JES's transformation goals and business needs, Huawei provided the SASE Solution, designed to secure those scenarios across cloud, network, edge, and endpoints, with three core capabilities: Intelligent Detection: Powered by AI-based threat detection engines, this solution achieves a 95% detection rate for unknown threats, which is 15% higher than the industry standard. Intelligent Collaboration: By leveraging Huawei's repository of over 8,000 inference rules and AI algorithms, the system automates 99% of security event handling, enabling full lifecycle threat management. Intelligent Integration: A unified security controller integrates network and security operations, enabling real-time threat mitigation via coordinated responses across endpoints, networks, and security devices, effectively blocking threats at their source. This solution has significantly enhanced JES's security operations, enabling the delivery of more competitive, efficient, and intelligent managed security services to its customers. Driving Efficiency and Unlocking Long-Term Value In addition to strengthening security, the Huawei SASE Solution helps JES improve operational efficiency and lower the total cost of ownership (TCO). 10x Efficiency Boost: Unified platform operations for SD-WAN, firewall, and zero-trust functions streamline management workflows. 30% TCO Reduction: By deploying iMaster NCE-Campus and Qiankun OP locally, JES achieves integrated LAN/WAN and security operations, significantly lowering hardware reliance and resource investment. Flexible Architecture: License pooling decouples resources from tenants, enabling agile business models and sustained profitability in a competitive market. Looking Ahead: Building a Secure and Digital Saudi Arabia Through this collaboration, JES has successfully transformed from a traditional MSP into a next-generation MSSP with the Huawei SASE solution. This evolution enables Jeraisy to deliver more agile, powerful, and scalable network security services to a broad customer base. Huawei will continue to support Saudi Arabia's Vision 2030, helping local enterprises achieve digital transformation, promote smart city development, and drive industrial upgrades, laying a solid foundation for a more secure and intelligent future for the Kingdom. -Ends-
Globe and Mail
18-06-2025
- Business
- Globe and Mail
Will the Traction in SASE and Zero Trust Keep Driving Cloudflare?
Cloudflare NET signed its longest secure access service edge (SASE) contract in the first quarter of 2025 and has been gaining traction constantly as enterprises modernize and simplify their network security and connectivity. Cloudflare combines its Zero Trust security products like Cloudflare Gateway, remote browser isolation and cloud access security broker with its Network Services like Magic WAN, Magic Transit and Magic Firewall, Cloudflare Network Interconnect and spectrum to provide an end-to-end cloud-based secured SASE solution that simplifies the adoption process for its clients, helping NET in winning larger deals. Cloudflare has also partnered with industry giants like TD SYNNEX to expand the geographical reach of its managed security services across Latin America, including Zero Trust and SASE solutions, to support MSSP growth in the region. In the Zero Trust space, NET has been witnessing tremendous customer growth for its core application services portfolio, Zero Trust solutions and network services like Magic Transit in Cloudflare One. NET has made Zero Trust integrations with companies like Atlassian, Microsoft and Sumo Logic, to enable small, medium and large-sized businesses to secure reliable tools and applications with enterprise-ready Zero Trust security. This strategy has expanded the reach of the Cloudflare One Zero Trust platform to more than 10,000 companies worldwide. These factors have helped Cloudflare to achieve 250,819 paying customers at the end of the first quarter, up 27% year over year. NET added 30 new customers during the quarter who contributed more than $100,000 in annual revenues. The total count of such customers reached 3,527 at the end of the quarter. How Competitors Fare Against Cloudflare Cloudflare faces stiff competition from Palo Alto Networks PANW and Zscaler ZS in SASE and Zero Trust offerings. Palo Alto Networks' SASE platform has an active customer user base of more than 6,000. Palo Alto Networks achieved 36% year-over-year growth in SASE ARR and 16% growth in $1 million-plus deals in the third quarter of fiscal 2025, making it a dominant SASE player. Zscaler, on the other hand, leads the Zero Trust space and also offers SASE solutions. The company offers Zero Trust Network Access solutions through Zscaler Private Access, which enables secure application access without VPN. ZS is now moving toward the Zero Trust Everywhere model, which secures cloud, endpoint and network. Zscaler also provides a full SASE platform by combining identity access, private access and cloud protection. Since the competition in the SASE and Zero Trust space is high, this remains an investor's concern for Cloudflare's growth. However, since the SASE market is witnessing a CAGR of 23.6% and the Zero Trust Market is seeing a CAGR of 16.7%, Cloudflare has enough headroom to expand its business. Cloudflare's Price Performance, Valuation and Estimates Shares of NET have surged 68.6% year to date compared with the Zacks Internet - Software industry's growth of 13%. From a valuation standpoint, NET trades at a forward price-to-sales ratio of 26.77X, higher than the industry's average of 5.68X. The Zacks Consensus Estimate for NET's fiscal 2025 and 2026 earnings implies year-over-year growth of 5.33% and 31.64%, respectively. The estimates for fiscal 2025 earnings have been revised downward in the past 60 days, and the 2026 earnings have been revised downward in the past 30 days. NET currently carries a Zacks Rank #3 (Hold). You can see the complete list of today's Zacks #1 Rank (Strong Buy) stocks here. 5 Stocks Set to Double Each was handpicked by a Zacks expert as the #1 favorite stock to gain +100% or more in the coming year. While not all picks can be winners, previous recommendations have soared +112%, +171%, +209% and +232%. Most of the stocks in this report are flying under Wall Street radar, which provides a great opportunity to get in on the ground floor. Today, See These 5 Potential Home Runs >> Want the latest recommendations from Zacks Investment Research? Today, you can download 7 Best Stocks for the Next 30 Days. Click to get this free report Palo Alto Networks, Inc. (PANW): Free Stock Analysis Report Zscaler, Inc. (ZS): Free Stock Analysis Report Cloudflare, Inc. (NET): Free Stock Analysis Report
Geeky Gadgets
18-06-2025
- Geeky Gadgets
Master UniFi's Zone-Based Firewall Rules for Ultimate Network Security
Have you ever wondered how to strike the perfect balance between network security and ease of management? For many, configuring firewalls can feel like navigating a maze of technical jargon and endless rule sets. But UniFi's new zone-based firewall rules aim to change that. By introducing a more intuitive and granular approach to managing traffic, this system enables users to create secure, organized networks without the headache of overly complex setups. Whether you're safeguarding a home network or managing enterprise-level infrastructure, these tools promise to simplify configurations while significantly enhancing security. In this step-by-step primer, SpaceRex breaks down everything you need to know about UniFi's latest innovation. From understanding the core structure of zone-based firewalls to crafting precise rules that protect your most critical assets, this guide will help you unlock the full potential of this powerful system. Along the way, you'll discover how to isolate vulnerable devices, reduce your network's attack surface, and maintain seamless functionality—all without sacrificing control. Ready to rethink how you manage your network? Let's explore how these tools can transform your approach to digital security. UniFi Zone Firewall Overview Why Zone-Based Firewall Rules Matter The transition to a zone-based firewall structure introduces several critical advantages for network administrators. By organizing your network into logical zones, this system allows for more precise and efficient management of traffic. Key benefits include: Enhanced traffic control: Apply rules at the interface level to manage data flow with precision. Apply rules at the interface level to manage data flow with precision. Improved visualization: Easily configure and manage zones and rules through a user-friendly interface. Easily configure and manage zones and rules through a user-friendly interface. Reduced attack surface: Limit unnecessary access between zones to strengthen overall security. This approach not only simplifies network management but also establishes clear boundaries between different types of traffic, making sure a more secure and organized digital environment. Understanding the Zone-Based Firewall Structure UniFi's zone-based firewall organizes your network into predefined and customizable zones, each tailored to specific purposes. The default zones include: Internal: Trusted networks, such as office or home environments, where devices communicate freely. Trusted networks, such as office or home environments, where devices communicate freely. Hotspot: Guest networks designed to isolate visitors from internal resources, making sure privacy and security. Guest networks designed to isolate visitors from internal resources, making sure privacy and security. DMZ: External-facing services like web or email servers that require limited access to internal systems. In addition to these default zones, you can create custom zones to address unique requirements. For example, you might isolate IoT devices to prevent them from accessing sensitive resources or segment critical servers for added protection. This structure allows you to group devices and services logically, making sure efficient traffic management and enhanced security. New Unifi Zone Firewall Rules Setup Guide 2025 Watch this video on YouTube. Enhance your knowledge on cybersecurity by exploring a selection of articles and guides on the subject. Granular Rule Creation for Enhanced Control One of the standout features of UniFi's zone-based firewall is its ability to define highly specific traffic rules between zones. This level of granularity enables you to: Block untrusted devices: Prevent unauthorized devices from accessing internal resources. Prevent unauthorized devices from accessing internal resources. Restrict access: Limit office network access to specific servers or services based on operational needs. Limit office network access to specific servers or services based on operational needs. Permit essential services: Allow critical services like HTTP or SMB while blocking unnecessary traffic. Rules can be customized using parameters such as source, destination, and port, giving you precise control over how data flows through your network. This flexibility ensures that your network remains secure while maintaining the functionality required for day-to-day operations. Strengthening Security with Zone-Based Rules The new firewall system significantly enhances security by limiting unnecessary communication between zones. Sensitive resources, such as servers, security cameras, or databases, can be isolated and protected with detailed configurations. By blocking unauthorized traffic, you minimize the risk of exploitation and ensure a safer environment for your devices and data. This proactive approach to security reduces the likelihood of breaches and helps maintain the integrity of your network. Customization and Advanced Features UniFi's zone-based firewall offers extensive customization options to meet the diverse needs of different network environments. Some of the advanced features include: Device-specific rules: Tailor security settings to individual devices or services for maximum protection. Tailor security settings to individual devices or services for maximum protection. Traffic logging: Monitor activity and troubleshoot issues by analyzing logged data. Monitor activity and troubleshoot issues by analyzing logged data. Connection filtering: Manage return traffic and filter connections based on status for improved control. These features allow you to adapt the firewall system to your specific requirements, whether you're managing a small home network or a complex enterprise environment. The ability to fine-tune settings ensures that your network remains both secure and efficient. Best Practices for Effective Configuration To maximize the benefits of UniFi's zone-based firewall, consider implementing the following best practices: Start with essential rules: Focus on core security measures to maintain functionality while protecting your network. Focus on core security measures to maintain functionality while protecting your network. Organize logically: Arrange rules in a clear hierarchy, placing allow rules before block rules to avoid conflicts. Arrange rules in a clear hierarchy, placing allow rules before block rules to avoid conflicts. Keep it simple: Avoid overly complex configurations to reduce the risk of errors and ensure manageability. By following these strategies, you can strike a balance between robust security and ease of use, making sure that your network remains both protected and user-friendly. Real-World Use Cases The versatility of the zone-based firewall system makes it suitable for a wide range of scenarios. Some practical applications include: Guest network isolation: Prevent guest devices from accessing internal networks to protect sensitive resources. Prevent guest devices from accessing internal networks to protect sensitive resources. Service-specific access: Allow specific services, such as file sharing or web browsing, while blocking others to maintain control. Allow specific services, such as file sharing or web browsing, while blocking others to maintain control. Server protection: Safeguard critical servers from unauthorized access while allowing necessary communication for operations. These examples demonstrate how the system can effectively address diverse security challenges, making it a valuable tool for both personal and professional use. Advantages Over the Previous System The new zone-based firewall introduces several improvements over its predecessor, including: Intuitive interface: Simplifies rule creation and debugging, making it accessible to users of all skill levels. Simplifies rule creation and debugging, making it accessible to users of all skill levels. Enhanced visualization: Provides a clear overview of zones and rules for better management and oversight. Provides a clear overview of zones and rules for better management and oversight. Greater flexibility: Supports complex deployments and unique network setups with ease. These enhancements make the system a powerful solution for securing and optimizing your network, whether you're a seasoned IT professional or a tech-savvy home user. By adopting UniFi's zone-based firewall rules, you can create a secure, efficient, and adaptable network environment tailored to your specific needs. Media Credit: SpaceRex Filed Under: Guides, Hardware Latest Geeky Gadgets Deals Disclosure: Some of our articles include affiliate links. If you buy something through one of these links, Geeky Gadgets may earn an affiliate commission. Learn about our Disclosure Policy.
