Is the Firewall dead?

-

Is the Firewall dead? Depends on what you define as alive and well which can look quite different based on many factors, but let's not get lost in semantics, and instead consider common reoccurring attempts at transformation and maturity around adoption and progression. Full disclosure, these are my personal opinions, views, etc.


If your platform cannot support what most folks refer to as the infrastructure of yesterday (which is a large majority of organizations today) mixing up public and private data centers with a range of workload types such as virtual machines, and microservices. That's a problem.

Security and Risk Teams take into account the Business risks and priorities and align with infrastructure and operations to ensure controls are in place as needed.


Today, we see an accelerated adoption for Serverless Kubernetes, and with Organizations looking to Infrastructure as Code deployment as the end all be all to automating the entire puzzle and not just a piece here and there. Many of us are not yet there or even close, but it's coming. Not as quickly as I had imagined a few years ago, but nonetheless, it's prevalent today. Both are exciting and challenging because private platform providers are still very real and relevant. VMware, Microsoft Hyper-V, OpenStack, Nutanix, etc., are all very relevant and innovative with the public progression. However, heavy development on ecosystems, enterprise, and interoperability with others is a large part of the value add and proposition. 



For me, early on, it was more challenging to see the big picture or immediate value, especially if you don't know what that environment looks like. Today, it's not as cloudy (no pun intended) to look back and get a sense of the "big picture". When discussing with folks who are on this journey, many with different technologies and diverse workloads, visibility, and security, are almost always the highest concerns or pain points today.  How do we best support an ever-changing infrastructure by aligning the business risks and priorities? And by the way, this needs to be done easily, with little to no friction in all areas, agnostic of provider and platform. Support what is in place, requiring no changes to the individual or departmental workflows, to provide that last guardrail when a bad day happens. It will.  



Minimizing the use of multiple consoles to manage and operate is another thing that pops up. Less time is needed configuring native solutions and integrations and more time to keep up with the rapid pace of our world and technology. Many times we are often sidetracked or lack the time needed to understand the latest feature to support XYZ, or the time needed to analyze the risks around exposure, security, and workflow. 

Supporting the developers in securing and policing their hard work without adding additional tasks or modifying existing processes in place should also be considered. May developers and dev teams have ways they collaborate, or research local scans and findings, those results in a place they are familiar with and how to react when a problem occurs. 



With that in mind, having a single cohesive landing zone dedicated to specific operations and views transparently is paramount for adoption. The next area has traditionally not been heavily involved in the normal security methodologies and flows many of us are quite used to because of many factors. Let's assume it's been friction, and extra research and work are needed because the security technology cannot integrate easily with the plethora of platforms, workloads, etc. 

Before you think to give up all your other platforms or solutions for a single source of truth, this is not at all what I am implying. 

When I put my developer hat on, I would never give up something that works for me let alone ask someone else to give up their favorite open-source security scanner or tester. 


When I'm wearing my DevOps hat and working with the many CI platforms and Artifactories such as GitLab, Jenkins, Travis, Grafana, and Jfrog I feel many of these solutions are great tools of technology providing value and areas that excel among others.  



As time goes on, the need for many has dwindled down making not only my day-to-day easier to manage and react to, but now I have flexibility and time to venture out evaluate and see what the next evolution of computing and platforms holds. What may have worked for many of us years ago, may not be relevant because of innovative technology or the hat we are wearing today. Could be something out of our control such as workload innovations, hybrid infrastructures, or lack of integrations or support from the days of old, to the future. Many other factors to consider are the rapid technological growth and the connected world we live in and its impact and influence but that is for another day. 






Not to mention my repositories such as GitHub, Harbor, Tanzu,  or Orchestrators, such as Portainer, Docker, Rancher, Lens, and Octant,  pick your poison. Think of us as your safety net, the Security Integrator ensuring the riskiest misconfigurations or attacks get the coverage needed because they are aligned with the business risk priorities regardless of workload or platform provider.  When a bad day happens (in or out) of the automatic workflow can it support legacy infrastructure handling today's workloads? Will it support many teams leading with Zero trust RBAC and segmentation?  


It has to support code to cloud delivery, easily, cloud-agnostic, platform agnostic, simplified integration, onboarding, and day-to-day intuitive operations. Simply put fewer clicks, is quick to ingest with sound technology, and has a leading security track record. 

Check Point CloudGuard provides a platform that delivers all of this and more. I can tell you today the firewall is very much alive and evolving at a rapid pace. If you haven't seen us in a bit, come check it out.  

Summary: The firewall looks different, and, is looked at differently by many folks. Don't get caught up in semantics. Research, and do what works for you and not the latest buzz trend or tech lingo.

To find out more, click here!  

Popular

Federated user activity made easy

-
Image
 Federated user activity made easy. The other day I was auditing a sandboxed account in AWS and started investigating resources connected to a federated role for a group of students that are no longer enabled on the account. I noticed a few objects that should have been elsewhere or terminated after the fact, regardless, neither here nor there. After about 30 minutes of sifting through logs, creating custom queries, and trying to put them together, I lost interest because of the time and day-to-day priorities. I felt this was a good use case for me to test out some of the functionality of CloudGuard's investigation and correlation engine within the platform and try out this voice-over platform. Enjoy - Video below: if you feel inclined to research further, visit the product page
Read more

Meet Kaniko

-
Image
So, what is kaniko? Kaniko is a tool to build container images from a Dockerfile inside a container or Kubernetes cluster. Another great callout for me is that my CI provider, GitLab makes it super easy to implement in my pipelines. Kaniko doesn't depend on a Docker daemon and executes each command within a Dockerfile entirely in userspace. This enables building container images in environments that can't easily or securely run a Docker daemon, such as a standard Kubernetes cluster. How does Kaniko work? The kaniko executor image is responsible for building an image from a Dockerfile and pushing it to a registry. Within the executor image, we extract the filesystem of the base image (the FROM image in the Dockerfile). We then execute the commands in the Dockerfile, snapshotting the filesystem in userspace after each one. After each command, we append a layer of changed files to the base image (if there are any) and update image metadata. Highly recommend visiting their  repo  ...
Read more

Google Cloud: Container Registry will be replaced by Artifact Registry

-
Spoiler Alert: (you've got some time) Container Registry will be replaced by Artifact Registry. Please upgrade your projects to Artifact Registry before March 18, 2025. On March 18, 2025 , Container Registry will be replaced by Artifact Registry . We understand this change may affect your production workloads, so we've put together resources to make this transition as smooth as possible for you. What do you need to know? To retain access to your container images, please take note of these critical dates and actions you need to take related to the Container Registry shutdown: March 18, 2025: You will no longer be able to push new images to Container Registry. April 22, 2025: You will lose access to existing images in Container Registry. To maintain access, you must copy them to the Artifact Registry before this date. May 22, 2025: All requests to the gcr.io domain will be handled exclusively by Artifact Registry. Ensure the Artifact Registry...
Read more