Latest news with #networksecurity
Globe and Mail
3 days ago
- Business
- Globe and Mail
Will the Traction in SASE and Zero Trust Keep Driving Cloudflare?
Cloudflare NET signed its longest secure access service edge (SASE) contract in the first quarter of 2025 and has been gaining traction constantly as enterprises modernize and simplify their network security and connectivity. Cloudflare combines its Zero Trust security products like Cloudflare Gateway, remote browser isolation and cloud access security broker with its Network Services like Magic WAN, Magic Transit and Magic Firewall, Cloudflare Network Interconnect and spectrum to provide an end-to-end cloud-based secured SASE solution that simplifies the adoption process for its clients, helping NET in winning larger deals. Cloudflare has also partnered with industry giants like TD SYNNEX to expand the geographical reach of its managed security services across Latin America, including Zero Trust and SASE solutions, to support MSSP growth in the region. In the Zero Trust space, NET has been witnessing tremendous customer growth for its core application services portfolio, Zero Trust solutions and network services like Magic Transit in Cloudflare One. NET has made Zero Trust integrations with companies like Atlassian, Microsoft and Sumo Logic, to enable small, medium and large-sized businesses to secure reliable tools and applications with enterprise-ready Zero Trust security. This strategy has expanded the reach of the Cloudflare One Zero Trust platform to more than 10,000 companies worldwide. These factors have helped Cloudflare to achieve 250,819 paying customers at the end of the first quarter, up 27% year over year. NET added 30 new customers during the quarter who contributed more than $100,000 in annual revenues. The total count of such customers reached 3,527 at the end of the quarter. How Competitors Fare Against Cloudflare Cloudflare faces stiff competition from Palo Alto Networks PANW and Zscaler ZS in SASE and Zero Trust offerings. Palo Alto Networks' SASE platform has an active customer user base of more than 6,000. Palo Alto Networks achieved 36% year-over-year growth in SASE ARR and 16% growth in $1 million-plus deals in the third quarter of fiscal 2025, making it a dominant SASE player. Zscaler, on the other hand, leads the Zero Trust space and also offers SASE solutions. The company offers Zero Trust Network Access solutions through Zscaler Private Access, which enables secure application access without VPN. ZS is now moving toward the Zero Trust Everywhere model, which secures cloud, endpoint and network. Zscaler also provides a full SASE platform by combining identity access, private access and cloud protection. Since the competition in the SASE and Zero Trust space is high, this remains an investor's concern for Cloudflare's growth. However, since the SASE market is witnessing a CAGR of 23.6% and the Zero Trust Market is seeing a CAGR of 16.7%, Cloudflare has enough headroom to expand its business. Cloudflare's Price Performance, Valuation and Estimates Shares of NET have surged 68.6% year to date compared with the Zacks Internet - Software industry's growth of 13%. From a valuation standpoint, NET trades at a forward price-to-sales ratio of 26.77X, higher than the industry's average of 5.68X. The Zacks Consensus Estimate for NET's fiscal 2025 and 2026 earnings implies year-over-year growth of 5.33% and 31.64%, respectively. The estimates for fiscal 2025 earnings have been revised downward in the past 60 days, and the 2026 earnings have been revised downward in the past 30 days. NET currently carries a Zacks Rank #3 (Hold). You can see the complete list of today's Zacks #1 Rank (Strong Buy) stocks here. 5 Stocks Set to Double Each was handpicked by a Zacks expert as the #1 favorite stock to gain +100% or more in the coming year. While not all picks can be winners, previous recommendations have soared +112%, +171%, +209% and +232%. Most of the stocks in this report are flying under Wall Street radar, which provides a great opportunity to get in on the ground floor. Today, See These 5 Potential Home Runs >> Want the latest recommendations from Zacks Investment Research? Today, you can download 7 Best Stocks for the Next 30 Days. Click to get this free report Palo Alto Networks, Inc. (PANW): Free Stock Analysis Report Zscaler, Inc. (ZS): Free Stock Analysis Report Cloudflare, Inc. (NET): Free Stock Analysis Report
Geeky Gadgets
3 days ago
- Geeky Gadgets
Master UniFi's Zone-Based Firewall Rules for Ultimate Network Security
Have you ever wondered how to strike the perfect balance between network security and ease of management? For many, configuring firewalls can feel like navigating a maze of technical jargon and endless rule sets. But UniFi's new zone-based firewall rules aim to change that. By introducing a more intuitive and granular approach to managing traffic, this system enables users to create secure, organized networks without the headache of overly complex setups. Whether you're safeguarding a home network or managing enterprise-level infrastructure, these tools promise to simplify configurations while significantly enhancing security. In this step-by-step primer, SpaceRex breaks down everything you need to know about UniFi's latest innovation. From understanding the core structure of zone-based firewalls to crafting precise rules that protect your most critical assets, this guide will help you unlock the full potential of this powerful system. Along the way, you'll discover how to isolate vulnerable devices, reduce your network's attack surface, and maintain seamless functionality—all without sacrificing control. Ready to rethink how you manage your network? Let's explore how these tools can transform your approach to digital security. UniFi Zone Firewall Overview Why Zone-Based Firewall Rules Matter The transition to a zone-based firewall structure introduces several critical advantages for network administrators. By organizing your network into logical zones, this system allows for more precise and efficient management of traffic. Key benefits include: Enhanced traffic control: Apply rules at the interface level to manage data flow with precision. Apply rules at the interface level to manage data flow with precision. Improved visualization: Easily configure and manage zones and rules through a user-friendly interface. Easily configure and manage zones and rules through a user-friendly interface. Reduced attack surface: Limit unnecessary access between zones to strengthen overall security. This approach not only simplifies network management but also establishes clear boundaries between different types of traffic, making sure a more secure and organized digital environment. Understanding the Zone-Based Firewall Structure UniFi's zone-based firewall organizes your network into predefined and customizable zones, each tailored to specific purposes. The default zones include: Internal: Trusted networks, such as office or home environments, where devices communicate freely. Trusted networks, such as office or home environments, where devices communicate freely. Hotspot: Guest networks designed to isolate visitors from internal resources, making sure privacy and security. Guest networks designed to isolate visitors from internal resources, making sure privacy and security. DMZ: External-facing services like web or email servers that require limited access to internal systems. In addition to these default zones, you can create custom zones to address unique requirements. For example, you might isolate IoT devices to prevent them from accessing sensitive resources or segment critical servers for added protection. This structure allows you to group devices and services logically, making sure efficient traffic management and enhanced security. New Unifi Zone Firewall Rules Setup Guide 2025 Watch this video on YouTube. Enhance your knowledge on cybersecurity by exploring a selection of articles and guides on the subject. Granular Rule Creation for Enhanced Control One of the standout features of UniFi's zone-based firewall is its ability to define highly specific traffic rules between zones. This level of granularity enables you to: Block untrusted devices: Prevent unauthorized devices from accessing internal resources. Prevent unauthorized devices from accessing internal resources. Restrict access: Limit office network access to specific servers or services based on operational needs. Limit office network access to specific servers or services based on operational needs. Permit essential services: Allow critical services like HTTP or SMB while blocking unnecessary traffic. Rules can be customized using parameters such as source, destination, and port, giving you precise control over how data flows through your network. This flexibility ensures that your network remains secure while maintaining the functionality required for day-to-day operations. Strengthening Security with Zone-Based Rules The new firewall system significantly enhances security by limiting unnecessary communication between zones. Sensitive resources, such as servers, security cameras, or databases, can be isolated and protected with detailed configurations. By blocking unauthorized traffic, you minimize the risk of exploitation and ensure a safer environment for your devices and data. This proactive approach to security reduces the likelihood of breaches and helps maintain the integrity of your network. Customization and Advanced Features UniFi's zone-based firewall offers extensive customization options to meet the diverse needs of different network environments. Some of the advanced features include: Device-specific rules: Tailor security settings to individual devices or services for maximum protection. Tailor security settings to individual devices or services for maximum protection. Traffic logging: Monitor activity and troubleshoot issues by analyzing logged data. Monitor activity and troubleshoot issues by analyzing logged data. Connection filtering: Manage return traffic and filter connections based on status for improved control. These features allow you to adapt the firewall system to your specific requirements, whether you're managing a small home network or a complex enterprise environment. The ability to fine-tune settings ensures that your network remains both secure and efficient. Best Practices for Effective Configuration To maximize the benefits of UniFi's zone-based firewall, consider implementing the following best practices: Start with essential rules: Focus on core security measures to maintain functionality while protecting your network. Focus on core security measures to maintain functionality while protecting your network. Organize logically: Arrange rules in a clear hierarchy, placing allow rules before block rules to avoid conflicts. Arrange rules in a clear hierarchy, placing allow rules before block rules to avoid conflicts. Keep it simple: Avoid overly complex configurations to reduce the risk of errors and ensure manageability. By following these strategies, you can strike a balance between robust security and ease of use, making sure that your network remains both protected and user-friendly. Real-World Use Cases The versatility of the zone-based firewall system makes it suitable for a wide range of scenarios. Some practical applications include: Guest network isolation: Prevent guest devices from accessing internal networks to protect sensitive resources. Prevent guest devices from accessing internal networks to protect sensitive resources. Service-specific access: Allow specific services, such as file sharing or web browsing, while blocking others to maintain control. Allow specific services, such as file sharing or web browsing, while blocking others to maintain control. Server protection: Safeguard critical servers from unauthorized access while allowing necessary communication for operations. These examples demonstrate how the system can effectively address diverse security challenges, making it a valuable tool for both personal and professional use. Advantages Over the Previous System The new zone-based firewall introduces several improvements over its predecessor, including: Intuitive interface: Simplifies rule creation and debugging, making it accessible to users of all skill levels. Simplifies rule creation and debugging, making it accessible to users of all skill levels. Enhanced visualization: Provides a clear overview of zones and rules for better management and oversight. Provides a clear overview of zones and rules for better management and oversight. Greater flexibility: Supports complex deployments and unique network setups with ease. These enhancements make the system a powerful solution for securing and optimizing your network, whether you're a seasoned IT professional or a tech-savvy home user. By adopting UniFi's zone-based firewall rules, you can create a secure, efficient, and adaptable network environment tailored to your specific needs. Media Credit: SpaceRex Filed Under: Guides, Hardware Latest Geeky Gadgets Deals Disclosure: Some of our articles include affiliate links. If you buy something through one of these links, Geeky Gadgets may earn an affiliate commission. Learn about our Disclosure Policy.
Globe and Mail
5 days ago
- Business
- Globe and Mail
Cisco's Strong Portfolio Aids Product Revenues: A Sign of More Upside?
Cisco Systems CSCO is expanding its lead in network security and intelligent infrastructure through an innovative portfolio. In the third quarter of fiscal 2025, the company reported product revenues of $10.37 billion, up 15% year over year, and accounted for more than 73% of total revenues. This growth was led by a 54% surge in Security products, 24% growth in Observability, 8% in Networking and 4% in Collaboration. The company's product ARR rose 8%, reflecting the growing adoption of software-based offerings and signaling a successful shift toward a more predictable, margin-rich revenue model. This strong performance highlights Cisco's ability to meet enterprise demand for secure, scalable and intelligent infrastructure solutions. Cisco's latest innovation, AI Canvas, further accelerates this momentum. Positioned as a unified platform for AI-powered IT operations, it brings together real-time telemetry, intelligent automation and cross-domain collaboration in a shared interface. Integrated with Cisco's major platforms, including Meraki, ThousandEyes, Catalyst and Splunk, AI Canvas increases operational efficiency and shortens problem-solving cycles across NetOps, SecOps and DevOps. Cisco is leveraging its collaboration with NVIDIA to strengthen its footprint in the AI infrastructure domain. It secured AI infrastructure orders worth more than $1 billion to date in fiscal 2025, a quarter ahead of schedule. These latest solutions are expected to drive further growth. Fortinet & Juniper: Rising Threats to Cisco's AI Edge Fortinet FTNT and Juniper JNPR offer significant competition to Cisco's growing AI footprint. Fortinet is a formidable competitor to Cisco in AI-enhanced cybersecurity, with strengths in next-gen firewalls, Secure SD-WAN and SASE. With its unified FortiOS platform and AI-driven SecOps tools, Fortinet continues to challenge Cisco's dominance in enterprise network security. Its deep experience and consistent delivery of mission-critical solutions support its growing share in the cybersecurity market. Juniper excels in AI-powered networking, SDN and high-level routing, led by innovations like Mist AI and the Marvis virtual assistant. Juniper's Junos OS, with open SDK support, streamlines large-scale configuration and enables AI-native automation. With ongoing investments in AI-native infrastructure, Juniper is emerging as a strong competitor to Cisco in cloud-managed networking and enterprise automation. CSCO's Price Performance, Valuation & Estimates Shares of Cisco have gained 8.3% year to date compared with the Zacks Computer – Networking industry's return of 8%. From a valuation standpoint, CSCO appears overvalued, trading at a forward 12-month price-to-sales ratio of 4.31, higher than the industry's 4.11. Cisco carries a Value Score of D. The Zacks Consensus Estimate for CSCO's fiscal 2025 revenues is pegged at $56.59 billion, indicating 5.18% year-over-year growth. The consensus mark for CSCO's 2025 earnings is pegged at $3.79 per share, which increased 1.6% over the past 30 days. The earnings figure suggests 1.61% growth over the figure reported in fiscal 2024. CSCO stock currently carries a Zacks Rank #3 (Hold). You can see the complete list of today's Zacks #1 Rank (Strong Buy) stocks here. Zacks' Research Chief Names "Stock Most Likely to Double" Our team of experts has just released the 5 stocks with the greatest probability of gaining +100% or more in the coming months. Of those 5, Director of Research Sheraz Mian highlights the one stock set to climb highest. This top pick is a little-known satellite-based communications firm. Space is projected to become a trillion dollar industry, and this company's customer base is growing fast. Analysts have forecasted a major revenue breakout in 2025. Of course, all our elite picks aren't winners but this one could far surpass earlier Zacks' Stocks Set to Double like Hims & Hers Health, which shot up +209%. Free: See Our Top Stock And 4 Runners Up Want the latest recommendations from Zacks Investment Research? Today, you can download 7 Best Stocks for the Next 30 Days. Click to get this free report Cisco Systems, Inc. (CSCO): Free Stock Analysis Report Juniper Networks, Inc. (JNPR): Free Stock Analysis Report Fortinet, Inc. (FTNT): Free Stock Analysis Report This article originally published on Zacks Investment Research (
The Guardian
29-05-2025
- Business
- The Guardian
Virgin Media O2 mobile users' locations exposed for two years in security flaw
The locations of millions of Virgin Media O2 mobile customers were exposed for up to two years until a network security flaw was corrected, it has emerged. Before the fix was implemented on 18 May, anyone with a Virgin Media O2 sim card could use their phone to obtain sensitive information about the network's other customers using a 4G-enabled device, including their location to the nearest mobile mast. The flaw has now been patched and reported to the UK's communications and data protection regulators. Virgin Media O2 said there was no evidence that its network security systems had been externally breached. The locations of customers could be tracked most precisely in urban areas, where mobile masts cover areas as small as 100 square metres. Dan Williams, an IT specialist who discovered the defect, wrote that he was 'extremely disappointed' not to receive a response when he flagged the issue, which was resolved only after he blogged about it two months later, on 17 May. He said there had been no explanation for the delay. He wrote: 'I don't want to be the enemy, I simply want to feel comfortable using my phone.' Williams noticed Virgin Media O2's failure to configure its 4G calling software correctly when he was looking at messaging between his device and the network to work out call quality between himself and another O2 customer. 'I noticed that the responses from the network were extremely long, and upon inspection noticed that extra information from the recipient of the call was sent to the call initiator,' he told the Guardian. This included normally private information, such as the cell ID, which is the current cell tower a caller is connected to; information about sim card, which could be used for a cyber-attack; and the phone model, which can be used to work out how to access it. He believed that it was 'possible this was used in the wild and not reported against' though there was no way to quantify that. If it had been that would be 'quite a large problem', as 'there are situations where this data is extremely, extremely sensitive', for example domestic abuse survivors or government workers, he added. 'I came across it by accident. Someone purposefully trying to find these kinds of vulnerabilities would have probably come across it,' he said. 'There are white papers detailing this exact scenario and warning networks against doing this.' The FT, which first reported Williams's findings, said he had tested the problem with another O2 customer, successfully tracking them to Copenhagen, Denmark. Disabling the 4G calling feature on devices would have prevented them from being tracked, though this is not possible on some handsets, such as iPhones. The issue may have also affected some customers of Giffgaff and Tesco Mobile, which use Virgin Media O2's network. Sign up to Business Today Get set for the working day – we'll point you to all the business news and analysis you need every morning after newsletter promotion Alan Woodward, cybersecurity professor at Surrey University, said location data 'could be valuable for scams such as social engineering, or even blackmail' and for phishing attempts referencing a recent location, though they would need other information about the person for this to work. He said this was unlikely to happen for normal people who were not criminal targets, but nevertheless fixing the vulnerability should have been a 'matter of urgency'. A Virgin Media O2 spokesperson said: 'Our engineering teams had been working on and testing a fix for this configuration issue over a number of weeks, and we can confirm this fix was fully implemented on 18 May. 'Our customers do not need to take any action, and we have no evidence of this issue being exploited beyond the two illustrative examples given by a network engineer in his blog which we reported to the ICO [Information Commissioner's Office] and Ofcom. There has been no external compromise of our network security at any time.' An Ofcom spokesperson said it was 'aware that O2 has experienced a network security issue', and is in contact with the provider to establish the scale and cause of the problem. An ICO spokesperson said that after assessing the information provided by Telefonica and remedial steps taken, 'we will not be taking further action at this stage'.
CNET
22-05-2025
- CNET
My Tips on the 5 Settings You Should Change on Your Router Right Away
When you get a new router, it's tempting to just plug it in, get online as quickly as possible and move on. However, given your router is responsible for directing nearly 100% of all internet traffic in your home network, it's definitely worth taking a few minutes to update some security settings before you move on with your day. As CNET's router expert, I know a few easy tricks for creating a secure Wi-Fi network and when I bought my own router, these were the first settings I updated -- and you should, too. Whether you just invested in your own router or you're renting one from an ISP, here is what to update on your new Wi-Fi router to enjoy browsing and streaming safely. For context, I'm an Xfinity (Comcast) subscriber, but the tips here should translate no matter what internet provider you use. 1. Change the network name and password To change the username and password, you'll need to log into your provider's website or mobile app. Log in to your account and look for a section for Network or W-Fi settings. On Xfinity's website, I clicked WiFi Details to change the name of my Wi-Fi network and set a new password. Choose a password -- or better yet, a passphrase -- that you'll remember but isn't too easy to guess. Matt Elliott/CNET 2. Choose a security mode If you set a strong password for your router, then you've taken the first step of securing your network rather than leaving it open for anyone to access. With a password set on a modern router, you are most likely using WPA2 or WPA3 encryption. Locating local internet providers WPA, or Wi-Fi Protected Access, is a 256-bit encryption protocol that is more secure than the older, weaker WEP standard that uses 64- or 128-bit encryption. WPA2 improves upon WPA by using a stronger encryption algorithm. It uses the Advanced Encryption Standard (AES) algorithm that is more secure than WPA and its TKIP (Temporal Key Integrity Protocol) algorithm. WPA3 stepped up the security measures even further, strengthening password security, data encryption and smart home connections. Many routers offer a mixed mode of WPA2 and WPA3 so that older devices that pre-date WPA3 can connect to your network. WPA2 has been around for more than 10 years so it's unlikely that your router is still using WPA encryption. When choosing the security mode for your router, I would go with WPA3 and only switch to mixed mode if you have an ancient device that won't connect to your WPA2-protected network. 3. Check network mode and bands If you're using a newer Wi-Fi 7 router, it broadcasts in three frequencies: 2.4, 5, and 6 GHz. These are the frequencies with which your wireless network broadcasts radio waves to transmit information. All three frequency bands should be on by default, but check the advanced settings of your provider's website or app to check the status of both to make sure they are active. The 2.4GHz band is more crowded because it's the frequency many common electronics in your household use, from cordless phones and baby monitors to garage door openers and microwaves. You might run into network interference with 2.4GHz, but it allows older devices to connect to your network. The 5GHz band is less congested and faster but has shorter range than the 2.4GHz band. The 6GHz band is significantly faster than the other two, but it works best when your devic around 15 feet or closer to your router. With all three modes operating, your router will choose the best mode for each of your network devices. 4. Enable parental controls Look for a Parental Controls or Access Restrictions section to establish some boundaries for your kids' devices. With Xfinity, click the People tab to set up profiles for your kids. You can assign devices for each profile and then hit Pause for any or all devices of a profile to give them a break from Instagram, Snapchat, texting and everything else on the Internet. You can also enable parental controls for a profile to "reduce the risk of accessing objectionable websites and apps and enable protective search settings for Google, Bing and YouTube." You'll also find the option to set active hours for your kids' devices. Xfinity calls it Bedtime mode, which lets you set the hours the internet is and isn't available. There are different options for weeknights and weekends. Matt Elliott/CNET 5. Set up guest network Creating a guest Wi-Fi network saves you from potentially giving visitors access to shared computers and files on your network as well as the hassle of needing to tell them your complicated or embarrassing Wi-Fi password. In your account settings, look for Guest Network or Home Hotspot. Matt Elliott/CNET With Xfinity, I couldn't find this setting with the other Wi-Fi settings but instead had to move a level up to my general account settings. From the main account page, it was listed under Settings. With it enabled, Xfinity started broadcasting a separate network called "xfinitywifi" that guests can use without needing to track me down for a password.
